I want to get same values form my database therefore I'm using this query:
SELECT NormalComputers
FROM usb_compliance
WHERE ATC = 'CMB'
ORDER BY date DESC
OFFSET 0 ROWS FETCH NEXT 1 ROWS ONLY
Using this I want to get so many values so I plan to use SQL injection method please help me how to create this
If I can use injection method I can use function it should be like this
Private Function query(ByVal values As String, ByVal atc As String, ByVal no As Integer)
Dim connetionString As String
Dim connection As SqlConnection
Dim command As SqlCommand
Dim sql As String
connetionString = "Server=CTV-WEBDEVEXG;Database=usb;Trusted_Connection=True;"
sql = "SELECT @values FROM usb_compliance WHERE ATC=@atc ORDER BY date DESC OFFSET @no ROWS FETCH NEXT 1 ROWS ONLY"
connection = New SqlConnection(connetionString)
Try
command = New SqlCommand(sql, connection)
With command
.Connection.Open()
MsgBox("done !!!")
.CommandType = CommandType.Text
.Parameters.Add("@values", SqlDbType.DateTime).Value = values
.Parameters.Add("@atc", SqlDbType.NVarChar).Value = atc
.Parameters.Add("@NormalComputers", SqlDbType.Int).Value = no
End With
command.ExecuteNonQuery()
command.Dispose()
connection.Close()
Catch ex As Exception
End Try
Return sql
End Function
I have tried this way but its not working so please help me on this
parameter @values refers to the name of the field you want to retrieve. So it owes to be a string not a DateTime (despite the fact that this filed datatype might be DateTime).
...
.Parameters.Add("@values", SqlDbType.NVarChar).Value = values
...
to get rows affected:
Dim numRows as Integer
...
..
numRows=command.ExecuteNonQuery()