Any idea about this Code?

Question

0.00/5 (No votes)

See more:

VS2010

May superior told that it will solve my issue but i want to know how it works. So can anyone elaborate it.?

VB

Dim dt As New DataTable
        Dim da As New SqlDataAdapter("select max(sl_no) from e1 where project.project_id and e1.project_id = '" + Project_IDTextBox.Text + "'", con)

Posted 31-Oct-12 20:44pm

armarzook

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2012-10-31T22:23:00

It creates two new objects (which it does nothing to tie together).
One is a DataTable which under normal conditions contains the data from a data source such as an SQL database, but in this case contains nothing.
The other is a DataAdapter which would normally be used to supply the data to a DataTable or similar object. In this case, the adapter is prepared with a SQL connection, and a (bad) select statement to restrict the record returned.

And your superior is an idiot. Using code like that opens your database up to an SQL Injection attack which can accidentally or deliberately damage or destroy your database. Google "Bobby Tables" and don't assume that what you find is just a joke. Use parametrised queries instead of concatenating strings.