jamie123
Starting Member
15 Posts |
Posted - 2008-05-23 : 09:54:34
|
I moved from using data adapters to tableadapters. This is my sql query that is included in my data adapter:

sql = "SELECT f.Date, CPT, CPTModifier, CPTModifier2, Description, Fee, Tax, Balance, [SPatient Number] FROM Financial f INNER JOIN Demographics d ON d.[Patient Number]=f.[SPatient Number] WHERE (f.[SPatient Number]= (" & intPID & "))"
conn.ConnectionString = My.Settings.EbtblsConnectionString
da = New SqlDataAdapter(sql, conn)

intPID is an input box that a user types a number in and compares it to SPatient Number on the Financial table. The query has been working fine.

However, when I go into designer view and hit the table adapter's "add query" property in VS2008, I put that query in, and it gives me an error saying that intPID is not a valid column. I am aware it's not a valid column... because it isn't a column, it's a variable in the windows form. How do I put a variable in the sql string for table adapters?
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2008-05-23 : 10:16:13
|
I hope some of your users don't write
" or 1 = 1; DROP TABLE Financial; DROP TABLE Demographics;"
in the text box.
Haven't you heard of SQL Injection at all?

E 12°55'05.25"
N 56°04'39.16"
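The two posts above, as an added example that is not part of the original thread: the concatenated query from the question beside a parameterized form, which is also what the TableAdapter "add query" designer expects (write `@PID` in the WHERE clause and the designer generates a method argument for it). The parameter name `@PID`, the module and function names, and the sample inputs are assumptions made for this example; it targets .NET Framework with a reference to System.Data and needs no database connection to run.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedQueryExample
    ' SELECT from the original post, up to the value being compared.
    Private Const BaseSql As String = _
        "SELECT f.Date, CPT, CPTModifier, CPTModifier2, Description, Fee, Tax, Balance, [SPatient Number] " & _
        "FROM Financial f INNER JOIN Demographics d ON d.[Patient Number] = f.[SPatient Number] " & _
        "WHERE f.[SPatient Number] = "

    ' Pattern from the post: the text box content becomes part of the SQL text.
    Function BuildConcatenated(ByVal userText As String) As String
        Return BaseSql & "(" & userText & ")"
    End Function

    ' Parameterized form: the SQL text is constant and the value travels separately
    ' as a typed parameter. @PID is a name chosen for this example.
    Function TryBuildCommand(ByVal userText As String, ByRef cmd As SqlCommand) As Boolean
        cmd = Nothing
        Dim pid As Integer
        If Not Integer.TryParse(userText, pid) Then Return False ' reject non-numeric input
        cmd = New SqlCommand(BaseSql & "@PID")
        cmd.Parameters.Add("@PID", SqlDbType.Int).Value = pid
        Return True
    End Function

    Sub Main()
        ' Constructed inputs: a normal ID and the string quoted in the reply above.
        Dim inputs() As String = {"42", "or 1 = 1; DROP TABLE Financial; DROP TABLE Demographics;"}
        For Each userText As String In inputs
            Console.WriteLine("Input: " & userText)
            Console.WriteLine("  concatenated:  " & BuildConcatenated(userText))
            Dim cmd As SqlCommand = Nothing
            If TryBuildCommand(userText, cmd) Then
                Console.WriteLine("  parameterized: " & cmd.CommandText)
                Console.WriteLine("  @PID = " & cmd.Parameters("@PID").Value.ToString())
            Else
                Console.WriteLine("  parameterized: rejected, not an integer")
            End If
        Next
    End Sub
End Module
```

With the first form the second input ends up inside the statement text; with the second form the statement text is identical for every input and only an Integer value is bound to `@PID`.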
 |
|
|
jsmith8858
Dr. Cross Join
7423 Posts |