I am currently working on a POS system as a project for my studies. We are building the application in VB winforms using visual studio 2012.
I have the MySQL for Visual Studio installed and have a datasource/connection/dataset set up via the data sources panel in VS.
I am currently trying to make a TableAdapter query using the VS Query Builder which searches a product name however using the standard WHERE (ProductName = @inputParamName) you need a 100% match in @inputParamName for it to display the respective data.
I have tried using WHERE (ProductName LIKE '%' + @inputParamName + '%') however it gives me a MySQL error.
If anyone could help me out, it would be greatly appreciated.
Thanks
OK, I edited my answer to use a different approach. You can do the following. When you create a SqlDataSource in VS, it adds the SelectCommand in the aspx. Set the command to nothing and add a SelectParameter, like this:
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>" SelectCommand="">
<SelectParameters>
<asp:Parameter DefaultValue="" Name="param1" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Now in the code behind, you can change the SelectCommand and pass it a param like this:
{
// Run this on a click or selected index change
string m_param = "2012"; //this would be something like Textbox1.Text
this.SqlDataSource1.SelectParameters[0].DefaultValue = m_param;
this.SqlDataSource1.SelectCommand = "SELECT ID, FILENAME FROM drmc.checksum WHERE FILENAME LIKE '%" + this.SqlDataSource1.SelectParameters[0].DefaultValue + "%'";
}
You will need to test the "Textbox1.Text" value against SQL Injection. Regex is good for this.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.