Plz give me a solution of this que.

Question

1.00/5 (1 vote)

See more:

how to retrieve all message from database of oledb on the page of asp.
in the format of left side is sender message and right side is reciever message.

What I have tried:

dim cmd as new oledbcommand("select count(*) from message where sender='"&textbox1&"'",con)
n=cmd.executesclare
if n>0 then
cmd=new oledbcommand("select msg from message where sender='"&textbox1&"'",con)
label1.text=cmd.executescalar()
endif

Posted 7-Feb-16 3:30am

GIRISH SONI

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2016-02-07T03:42:00

Ignoring that that won't work, because a Textbox is not the same as the content, start by never doing it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
For example:

VB

Dim cmd As New OledbCommand("SELECT COUNT(*) FROM message WHERE sender = @SNDR",con)
cmd.Parameters.AddWithValue("@SNDR", textbox1.Text)
n=cmd.ExecuteScalar()

Fixing that may solve your problem as well, but concatenating strings to do this is very dangerous, particularly in a web application, where anyone could delete your database from the other side of the world just by typing in your text box!

PIEBALDconsult · Accepted Answer · 2016-02-07T04:08:00

First, don't be so rude. And use a proper title for your question.

The most important thing you need to learn about data access is how to use parameters. Never concatenate user values into an SQL statement.
Next, getting the count of records is a pointless waste of time.
Finally, if you expect to receive many records, use ExecuteReader, not ExecuteScalar.

I assume you are using Access as a database. Using parameters with Access, and some other databases, is not as easy as with SQL Server and some others, but it can be done if you're careful.

My VB-fu is weak, but this should be enough to get you going:

VB

dim cmd as new oledbcommand("select msg from message where sender=@sendername",con)
dim prm as cmd.createparameter()
prm.parametername="sendername"
prm.value=textbox1
cmd.parameters.add(prm)
dim rdr as cmd.executereader()
while(rdr.read())
  'do stuff with the data values
end while

Plz give me a solution of this que.

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0