[thelist] using a form.text object in an Insert command
Ken Schaefer
Ken at adOpenStatic.com
Mon Dec 20 21:58:12 CST 2004
("INSERT INTO members (fname) VALUES ('" & fname.text & "')"
But really you should be using Parameters, to avoid SQL Injection attacks
(which have been mentioned a number of times on this list).
I'm pretty sure the ASP.NET Unleashed book that was recommended covers this.
Cheers
Ken
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Casey Crookston
: Sent: Tuesday, 21 December 2004 2:31 PM
: To: thelist at lists.evolt.org
: Subject: [thelist] using a form.text object in an Insert command
:
: myAddMemberCmd = New OleDbCommand("INSERT INTO members (fname) VALUES
: ('Fubar')", myDbConn)
:
: This works fine. But what if the value of fname is held in fname.text
: after
: a form submission? Confused on the syntax.
:
: Here's all the code:
:
: Sub Submit_Button_Click(Sender As Object, E As EventArgs)
:
: Dim myDbConn As OleDbConnection
: Dim myAddMemberCmd As OleDbCommand
:
: myDbConn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data
: Source=C....mdb")
: myAddMemberCmd = New OleDbCommand("INSERT INTO members (fname) VALUES
: ('fname.text')", myDbConn)
: myDbConn.open()
: myAddMemberCmd.ExecuteNonQuery()
: myDbConn.close()
:
: End Sub
:
:
: --
:
More information about the thelist
mailing list