Select Statement - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Select Statement

Message

From

17/04/2003 12:44:26

Michael Levy
Cincinnati, Ohio, United States

17/04/2003 10:23:28

Stephen Russell
S. R. & Associates
Memphis, Tennessee, United States

General information

Forum:

ASP.NET

Category:

ADO.NET

Title:

Re: Select Statement

Miscellaneous

Thread ID:

00778464

Message ID:

00778921

Views:

>Try :
>String strSelect = "SELECT ins1ln, ins1fn, pxd FROM Policy WHERE agent = '"+ MyAgent + "'" ;

You just have to be careful that you don't expose your application to SQL Injection attacks. You really have to understand the source of MyAgent.

-Mike

>
>You need to put single quotes in the string for SQL, you also need to ADD the value to the string.
>
>>Have you tried parameterizing your query and specifying a value with a Parameter?
>>
>>-Mike
>>
>>>I have a grid on a web form and I am trying to populated it with the following Select statement:
>>>
>>>MyAgent = Session["ProducerCode"].ToString();
>>>String strSelect = "SELECT ins1ln, ins1fn, pxd FROM Policy WHERE agent = MyAgent" ;
>>>
>>>
>>>The problem is that my Where clause does not recognize the variable MyAgent.
>>>
>>>Can anybody help me to populate the Where clause with a Session variable.
>>>
>>>I am using C#.
>>>
>>>Thanks,
>>>Sergio

Michael Levy
MCSD, MCDBA
ma_levy@hotmail.com

Map

View

Click here to load this message in the networking platform