Questions

SQL select command in VB

+
0 Votes
Locked

sajjad81
In my project I use this query and it is working fine.
"select * from attend where eid=" & CLng(eid.Text)
But I cannot write a query for two fields. I tried to write this:
"select * from attend where eid= and field2=" & CLng(eid.Text) and clng(1)
but I get a data mismatch error.
Can anybody help me?
  • +
    0 Votes

    Ah

    Tony Hopkinson

    "select * from attend where eid=" & CLng(eid.Text) & " and field2=" & clng(1)

    +
    0 Votes
    etruss

    Your phrases were out of order. Your attempt: "select * from attend where eid= and field2=" & CLng(eid.Text) and clng(1)
    results in: "select * from attend where eid= and field2=" & True

    Also, you want a string when you are done so you don't need to convert anything to Long. So use this instead:

    "select * from attend where eid=" & eid.Text & " and field2=1"

    +
    0 Votes
    Tony Hopkinson

    does have the advantage of killing an injection attack.

    Which is precisely why parameterised queries should be used for 'user' entered data.
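
The parameterised form mentioned in the reply above, as an added example that is not code from any poster in this thread. It assumes VB.NET with the System.Data.OleDb provider, integer columns `eid` and `field2`, and a placeholder connection string; `FindAttendance` and `AttendLookup` are hypothetical names.

```vb
Imports System
Imports System.Data
Imports System.Data.OleDb

Module AttendLookup
    ' Assumption: placeholder. Replace with the OLE DB connection string
    ' for the database that holds the attend table.
    Private Const ConnStr As String = "<your OLE DB connection string>"

    ' Hypothetical helper. Returns the matching rows, or Nothing when
    ' eidText (the contents of eid.Text) is not a whole number.
    Public Function FindAttendance(eidText As String, field2 As Integer) As DataTable
        Dim eid As Integer
        ' Validate first: CLng would throw on non-numeric text, TryParse just says no.
        If Not Integer.TryParse(eidText, eid) Then Return Nothing

        ' The SQL text is a constant. User input never becomes part of it,
        ' so there is nothing to concatenate and no quoting to get wrong.
        Const sql As String = "SELECT * FROM attend WHERE eid = ? AND field2 = ?"
        Dim rows As New DataTable()
        Using conn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, conn)
                ' OLE DB binds ? markers by position, so add parameters in query order.
                cmd.Parameters.Add("@eid", OleDbType.Integer).Value = eid
                cmd.Parameters.Add("@field2", OleDbType.Integer).Value = field2
                conn.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    rows.Load(reader)
                End Using
            End Using
        End Using
        Return rows
    End Function

    Sub Main()
        ' Constructed sample inputs standing in for eid.Text.
        For Each sample As String In {"42", "12abc", ""}
            Dim rows As DataTable = FindAttendance(sample, 1)
            If rows Is Nothing Then
                Console.WriteLine("'{0}': rejected, not a whole number", sample)
            Else
                Console.WriteLine("'{0}': {1} row(s)", sample, rows.Rows.Count)
            End If
        Next
    End Sub
End Module
```
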

    +
    0 Votes
    mdv3441

    Given the statement;
    "select * from attend where eid= and field2=" & CLng(eid.Text) and clng(1)

    eid= What no parameter.

    +
    0 Votes
    marc

    Why don't you use brackets - it's sure easier to read...

    Result = "select * from attend where (eid=" & eid.Text & ") AND (field2=1)"

    Greetings.

    +
    0 Votes

    You may also want to peruse through all of your code and look for any typos and spelling errors, something tells me that is a good place to start...

    +
    0 Votes
    Mitras_saikat

    hi,
    your query is
    "select * from attend where eid= and field2=" & CLng(eid.Text) and clng(1)

    I have made a correction
    "select * from attend where eid=" & CLng(eid.Text) & " and field2=" & clng(1) & ""

    or you can write

    "select * from attend where eid=" & CLng(eid.Text) & " and field2=1"


    Check the query now
