Introduction:
Passing the user's input as a SQL parameter, instead of concatenating it into the query string, avoids SQL injection.
Code:
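/// <summary>
/// Looks up rows in <c>chkStr</c> whose <c>name</c> equals the trimmed text of
/// <c>TextBox1</c>, loads them into a <see cref="DataTable"/>, and shows the
/// name in <c>Label1</c>.
/// </summary>
/// <remarks>
/// The user's text is bound to the <c>@name</c> parameter and is never
/// concatenated into the SQL text, so it is sent to the server as data and is
/// not parsed as SQL.
/// <c>con</c>, <c>cmd</c>, <c>sqldr</c> and <c>conStr</c> are declared outside
/// this snippet.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string selQry = "select * from chkStr where name= @name ";
    using (con = new SqlConnection(conStr))
    {
        con.Open();
        using (cmd = new SqlCommand(selQry, con))
        {
            // AddWithValue replaces the obsolete Parameters.Add(string, object)
            // overload. It infers the SQL type from the .NET value; when the
            // column's type and length are known, Add("@name", SqlDbType, size)
            // with an explicit Value is more precise.
            cmd.Parameters.AddWithValue("@name", TextBox1.Text.Trim());

            DataTable dt = new DataTable();

            // Dispose the reader deterministically, even if Load throws.
            using (sqldr = cmd.ExecuteReader())
            {
                dt.Load(sqldr);
            }

            foreach (DataRow dr in dt.Rows)
            {
                // Every row overwrites the label, so the last row wins.
                // NOTE(review): the value is written to the label as stored.
                // If Label1 is an ASP.NET Web Forms Label, its Text is not
                // HTML-encoded on render; encode it (e.g. HttpUtility.HtmlEncode)
                // before assigning. Confirm the control type.
                Label1.Text = dr["name"].ToString();
            }
        }
    }
}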
// Alternative: read the rows straight from the SqlDataReader instead of
// loading them into a DataTable. Presumably this fragment is meant to replace
// the DataTable code inside the handler, while the reader is still open.
while (sqldr.Read())
{
    object nameValue = sqldr["name"];

    // Every row overwrites the label, so only the last row read stays visible.
    Label1.Text = nameValue.ToString();
}
Example:
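/// <summary>
/// Looks up rows in <c>chkStr</c> whose <c>name</c> equals the trimmed text of
/// <c>TextBox1</c> and shows the name in <c>Label1</c>, reading the rows
/// directly from a data reader.
/// </summary>
/// <remarks>
/// The user's text is bound to the <c>@name</c> parameter and is never
/// concatenated into the SQL text, so it is sent to the server as data and is
/// not parsed as SQL.
/// <c>con</c>, <c>cmd</c>, <c>sqldr</c> and <c>conStr</c> are declared outside
/// this snippet.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The original note "name like" suggests a LIKE comparison could be used
    // instead of "=". The value would still be passed as @name, but any % or _
    // the user types would then act as wildcards unless escaped.
    string selQry = "select * from chkStr where name= @name ";
    using (con = new SqlConnection(conStr))
    {
        con.Open();
        using (cmd = new SqlCommand(selQry, con))
        {
            // AddWithValue replaces the obsolete Parameters.Add(string, object)
            // overload. It infers the SQL type from the .NET value; when the
            // column's type and length are known, Add("@name", SqlDbType, size)
            // with an explicit Value is more precise.
            cmd.Parameters.AddWithValue("@name", TextBox1.Text.Trim());

            // Dispose the reader deterministically, even if a read throws.
            using (sqldr = cmd.ExecuteReader())
            {
                while (sqldr.Read())
                {
                    // Every row overwrites the label, so the last row wins.
                    // NOTE(review): the value is written to the label as stored.
                    // If Label1 is an ASP.NET Web Forms Label, its Text is not
                    // HTML-encoded on render; encode it (e.g.
                    // HttpUtility.HtmlEncode) before assigning. Confirm the
                    // control type.
                    Label1.Text = sqldr["name"].ToString();
                }
            }
        }
    }
}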
Passing the user's input as a SQL parameter, instead of concatenating it into the query string, avoids SQL injection.
Code:
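/// <summary>
/// Queries <c>chkStr</c> for rows whose <c>name</c> matches the trimmed
/// contents of <c>TextBox1</c>, buffers the result in a
/// <see cref="DataTable"/>, and writes the name to <c>Label1</c>.
/// </summary>
/// <remarks>
/// The query text is a constant; the user's input travels only as the value of
/// the <c>@name</c> parameter, which is why it cannot change the statement.
/// <c>con</c>, <c>cmd</c>, <c>sqldr</c> and <c>conStr</c> are declared outside
/// this snippet.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string selQry = "select * from chkStr where name= @name ";
    using (con = new SqlConnection(conStr))
    {
        con.Open();
        using (cmd = new SqlCommand(selQry, con))
        {
            // Parameters.Add(string, object) is obsolete; AddWithValue is its
            // replacement. The SQL type is inferred from the .NET string, so
            // prefer Add("@name", SqlDbType, size) with an explicit Value once
            // the column definition is known.
            cmd.Parameters.AddWithValue("@name", TextBox1.Text.Trim());

            DataTable dt = new DataTable();

            // The using block closes the reader even when Load fails.
            using (sqldr = cmd.ExecuteReader())
            {
                dt.Load(sqldr);
            }

            foreach (DataRow dr in dt.Rows)
            {
                // The label is reassigned per row; only the last row remains.
                // NOTE(review): database content is shown unencoded. A Web
                // Forms Label does not HTML-encode its Text, so encode the
                // value (e.g. HttpUtility.HtmlEncode) if that is the control
                // in use. Confirm.
                Label1.Text = dr["name"].ToString();
            }
        }
    }
}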
// Reader-based variant: iterate the SqlDataReader directly rather than going
// through a DataTable. Presumably intended to sit inside the handler in place
// of the DataTable code, while the reader is still open.
while (sqldr.Read())
{
    object currentName = sqldr["name"];

    // The label is reassigned on each row, so the final row is what is shown.
    Label1.Text = currentName.ToString();
}
Example:
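/// <summary>
/// Queries <c>chkStr</c> for rows whose <c>name</c> matches the trimmed
/// contents of <c>TextBox1</c> and writes the name to <c>Label1</c>, streaming
/// the rows from a data reader.
/// </summary>
/// <remarks>
/// The query text is a constant; the user's input travels only as the value of
/// the <c>@name</c> parameter, which is why it cannot change the statement.
/// <c>con</c>, <c>cmd</c>, <c>sqldr</c> and <c>conStr</c> are declared outside
/// this snippet.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The original "name like" note hints that LIKE may be used instead of "=".
    // Binding @name still prevents injection in that case, but % and _ typed by
    // the user would be treated as wildcards unless they are escaped.
    string selQry = "select * from chkStr where name= @name ";
    using (con = new SqlConnection(conStr))
    {
        con.Open();
        using (cmd = new SqlCommand(selQry, con))
        {
            // Parameters.Add(string, object) is obsolete; AddWithValue is its
            // replacement. The SQL type is inferred from the .NET string, so
            // prefer Add("@name", SqlDbType, size) with an explicit Value once
            // the column definition is known.
            cmd.Parameters.AddWithValue("@name", TextBox1.Text.Trim());

            // The using block closes the reader even when a read fails.
            using (sqldr = cmd.ExecuteReader())
            {
                while (sqldr.Read())
                {
                    // The label is reassigned per row; only the last row
                    // remains.
                    // NOTE(review): database content is shown unencoded. A Web
                    // Forms Label does not HTML-encode its Text, so encode the
                    // value (e.g. HttpUtility.HtmlEncode) if that is the
                    // control in use. Confirm.
                    Label1.Text = sqldr["name"].ToString();
                }
            }
        }
    }
}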