So I'm trying to make a record search for a database, but I got an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE ProductName LIKE ‘Monitor’ ‘%’" at line 1

    Private Sub Btnsearch_Click(sender As Object, e As EventArgs) Handles btnsearch.Click
        Try
            ListView1.Items.Clear()
            strsql = "SELECT tbl_pcperipherals WHERE ProductName LIKE @field1 '%'"
            objcmd = New MySql.Data.MySqlClient.MySqlCommand(strsql, objconn)
            With objcmd
                .Parameters.AddWithValue("@field1", txtsearch.Text)
            End With
            objdr = objcmd.ExecuteReader
            While (objdr.Read)
                With ListView1.Items.Add(objdr("ProductID"))
                    .SubItems.add(objdr("ProductName"))
                    .subitems.add(objdr("ProductBrand"))
                    .subitems.add(objdr("ProductCategory"))
                    .subitems.add(objdr("ProductQuantity"))
                    .subitems.add(objdr("ProductDescription"))
                    .subitems.add(objdr("ProductManufacturer"))
                    .subitems.add(objdr("Stock"))
                    .subitems.add(objdr("Supplier"))
                    .subitems.add(objdr("ContactNo"))
                End With
                objcmd.Dispose()
                objdr.Close()
            End While
        Catch ex As Exception
            MsgBox(ex.Message)
            Me.fillsview()
        End Try
    End Sub

4 Answers

Hi guys, thank you for responding to this question. I already fixed it, and I changed the code a little bit and removed the SQL injection vulnerability.

This fixed my problem.

Here is the change in my code, with the SQL injection vulnerability removed and changed to this.

You are building the LIKE matching string in the wrong way .. try use

I don't know why you are using a ListView. A DataGridView has a DataSource property so it is easier to code.

Declare your disposable database objects locally in a Using block. Your select statement lacks a field list and a From clause.

Your code closes the reader after the first record is read because objdr.Close() is inside the While loop. Anyway, it is not good to hold the connection open while you update the user interface. Connections should be opened at the last minute and closed as soon as possible. A DataReader requires an open connection. If you Load a DataTable you can close the connection and then fill the ListView.

I believe if you use the code like this one will solve your issue: