Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > Other ASP.NET > ASP.NET 1.x and 2.0 Application Design
ASP.NET 1.x and 2.0 Application Design Application design with ASP.NET 1.0, 1.1, and 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.x and 2.0 Application Design section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old June 16th, 2005, 09:38 AM
Friend of Wrox
Join Date: Mar 2005
Posts: 264
Thanks: 0
Thanked 0 Times in 0 Posts
Default How grap the passed value in select where clause

Hi guys i am passing a aspx page with teamno value( teamsandmatchs.aspx?team=2 ) I do not know how i can grap that passed value and place it inside my select where clasue statement. Right now my where clause has default value 2

 strSQL = "SELECT * From matches Where teamno=2"
but i want change this part so it grabs any passed value for example
teamsandmatchs.aspx?team=4. i be happy if some one show me how i can grap that value and place in my select where clause.Thanks.

Here is my onload code

 Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        If Session("login") = "ok" Then
            MyConnection = New SqlConnection("server=localhost;database=teniss2;uid=web;pwd=web;")
            If Not Page.IsPostBack Then
            End If
        End If

    End Sub
    Sub BindDataGridTeams()
        Dim ds As New DataSet
        Dim sda As SqlDataAdapter
        Dim strSQL As String
        'Here we are reciving the teamno value 
        strSQL = "SELECT * From matches Where teamno=2"
        sda = New SqlDataAdapter(strSQL, MyConnection)
        sda.Fill(ds, "teams")
        DataGridTeams.DataSource = ds.Tables("teams")

        Catch ObjError As Exception
            DataGridTeams.CurrentPageIndex = 0
            Exit Try
        End Try
    End Sub
Old June 16th, 2005, 10:53 AM
planoie's Avatar
Friend of Wrox
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts

In its simplest form:

        strSQL = "SELECT * From matches Where teamno=" & Request.QueryString("team")

However, this is not safe. Look up "SQL injection" on google and you'll see why.


Similar Threads
Thread Thread Starter Forum Replies Last Post
Select statement with where clause with 2 conditon Yasho VB.NET 2002/2003 Basics 7 May 16th, 2007 01:40 PM
Select statement with where clause for visual basi Yasho SQL Language 6 May 16th, 2007 01:00 AM
User Value in TextBox be passed in SQL LIKE Clause Vinay Chugh ASP.NET 1.0 and 1.1 Professional 1 June 12th, 2006 07:22 AM
How grap the passed value in URL ? method ASP.NET 1.0 and 1.1 Basics 1 June 17th, 2005 08:05 AM
How to grap passed data and send it to db method Access ASP 0 March 15th, 2005 02:59 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.