Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2006-09-22 : 10:18:43
|
| sasireddy writes "Hi to everyone,Hey i am doing one small project in ASP.Net by using of SQL Server.In that i want recall data from database.In that i am using one datagrid to retrieve data from database.This is the the my code:Dim con As New SqlConnection(ConfigurationSettings.AppSettings("connectionstring")) Dim cmd As New SqlCommand("select TrackNumber,Origin,Destination,ExpectedDateOfDelivery,PresentDate,PresentLocation from tracking where tracknumber= &TrackNumber", con) con.Open() DataGrid1.DataSource = cmd.ExecuteReader() DataGrid1.DataBind() con.Close()but it didn't call from the database.Can you tell me ........plz" |
|
|
snSQL
Master Smack Fu Yak Hacker
1837 Posts |
Posted - 2006-09-22 : 12:24:04
|
| Take a look at your SELECT in the SqlCommand, you've got something wrong with the TrackNumber value. If you're trying to concatenate the value on the end of the query, don't. You'll be vulnerable to a SQL Injection Attack, rather make that a parameter and add the parameter to the command. |
 |
|
|
|
|
|
getting error