I have the following code, which does a simple SELECT query on a database. If I pass the whole query through the "group" string, the query is OK. But if I try to concatenate the string (only send the group ID) as follows, I get "Syntax error in query expression 'ID='group_data' " - note the three '
I took a peek on MSDN but I couldn't find anything related to it.
    public void auth_st(string group)
    {
        conexiuneBD.Open();
        DataSet ds = new DataSet();
        OleDbDataAdapter adapter = new OleDbDataAdapter("SELECT Notif FROM teams WHERE ID='"+group+"'", conexiuneBD);
        adapter.Fill(ds);
        conexiuneBD.Close();
        DataTable dt = ds.Tables[0];
        foreach (DataRow dr in dt.Rows)
        {
            listBoxCerer.Items.Add(dr["Notif"].ToString());
        }
    }
Any help would be really appreciated. Should I use command instead?
String concatenation is very bad; you should be using OleDb parameters this way:
    public void auth_st(string group)
    {
        conexiuneBD.Open();
        DataSet ds = new DataSet();
        // The SQL text is fixed; the '?' placeholder is filled from the parameter collection.
        OleDbDataAdapter adapter = new OleDbDataAdapter("SELECT Notif FROM teams WHERE ID=?", conexiuneBD);
        // OleDb binds '?' placeholders by position, so the name "p1" is only a label.
        adapter.SelectCommand.Parameters.AddWithValue("p1", group);
        adapter.Fill(ds);
        conexiuneBD.Close();
        DataTable dt = ds.Tables[0];
        foreach (DataRow dr in dt.Rows)
        {
            listBoxCerer.Items.Add(dr["Notif"].ToString());
        }
    }
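
The difference between the two versions above can be seen without a database. This is an added example, not code from the question or the answer: it prints the SQL text each approach produces for a few constructed inputs. The class and helper names, the sample values, and the VarWChar/255 parameter type (a guess at the ID column) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

static class GroupQueryDemo
{
    // Concatenated form from the question: the value becomes part of the SQL text.
    static string BuildConcatenated(string group) =>
        "SELECT Notif FROM teams WHERE ID='" + group + "'";

    // Parameterized form: the SQL text is constant and the value travels separately.
    // OleDb binds '?' placeholders by position; the parameter name is only a label.
    static OleDbCommand BuildParameterized(string group)
    {
        var cmd = new OleDbCommand("SELECT Notif FROM teams WHERE ID=?");
        // Explicit type and size instead of AddWithValue's type inference.
        // VarWChar/255 is an assumption about the ID column (a short text field).
        cmd.Parameters.Add("p1", OleDbType.VarWChar, 255).Value = group;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs; the second and third contain a quote character.
        string[] samples = { "group_data", "group_data'", "O'Brien" };

        foreach (string group in samples)
        {
            string sql = BuildConcatenated(group);
            // An odd number of single quotes means an unterminated string literal,
            // which the provider rejects as a syntax error.
            int quotes = sql.Split('\'').Length - 1;
            Console.WriteLine("concat: {0}  [quotes={1}, balanced={2}]",
                sql, quotes, quotes % 2 == 0);

            using (OleDbCommand cmd = BuildParameterized(group))
            {
                // The command text is identical for every input.
                Console.WriteLine("param : {0}  [p1={1}]",
                    cmd.CommandText, cmd.Parameters[0].Value);
            }
        }
    }
}
```

For any value containing a quote, the concatenated statement's structure changes with the input, while the parameterized command text stays the same and the value is passed as data only.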