I am doing validation while adding a student from the application. If I run the following query:
SELECT ID FROM Student WHERE Name =' " '+str+' " '
It will generate the following error:
Invalid column name 'str'.
And my application is going to generate a DBException.
How can I solve this problem?
Edit
String SName = txtBox1.Text;
String sql = "select id from student where name = ' " + SName.Trim() + " ' ";
SqlConnection connection = null;
SqlDataReader reader = null;
try
{
    connection = GetConnection();
    SqlCommand command = new SqlCommand(sql, connection);
    if (_sqltransection != null)
    {
        command.Transaction = _sqltransection;
    }
    reader = command.ExecuteReader(CommandBehavior.CloseConnection);
}
catch (SqlException ex)
{
    throw new DBException(ex);
}
Where txtBox.Text=" '+str+' "
SELECT ID FROM Student WHERE Name =' " '+'divyesh'+' " '
But it makes no sense...
Maybe you'll prefer something like:
SELECT ID FROM Student WHERE Name like '%divyesh%'
If you want to add single quotes in the string:
SELECT '''hello'''
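A parameterized version of the lookup from the question, as an added example that is not part of the original posts: the name is bound as @name instead of being concatenated into the SQL text, so input such as '+str+' is compared as a literal string and cannot alter the query. The class and method names, the NVARCHAR(100) size of Name and the int type of ID are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StudentLookup
{
    // Builds the lookup with the name as a bound parameter. The SQL text is a
    // constant, so quotes in the input stay data and never become syntax.
    public static SqlCommand BuildFindIdCommand(string name,
        SqlConnection connection = null, SqlTransaction transaction = null)
    {
        var command = new SqlCommand(
            "SELECT ID FROM Student WHERE Name = @name", connection);
        if (transaction != null)
        {
            command.Transaction = transaction;
        }
        // Assumption: Student.Name is NVARCHAR(100). An explicit type and size
        // avoids type inference from the value.
        command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value =
            (name ?? string.Empty).Trim();
        return command;
    }

    // Returns the matching ID (assumed int), or null when no student matches.
    // The caller owns the open connection and the optional transaction.
    public static int? FindId(SqlConnection openConnection, string name,
        SqlTransaction transaction = null)
    {
        using (SqlCommand command =
            BuildFindIdCommand(name, openConnection, transaction))
        {
            object result = command.ExecuteScalar();
            return result == null || result == DBNull.Value
                ? (int?)null
                : Convert.ToInt32(result);
        }
    }

    static void Main()
    {
        // Constructed input: the text-box value that broke the query in the question.
        using (SqlCommand command = BuildFindIdCommand(" '+str+' "))
        {
            Console.WriteLine(command.CommandText);                // query text, unchanged by the input
            Console.WriteLine(command.Parameters["@name"].Value);  // raw input, carried as data
        }
    }
}
```

Main only builds the command, so it runs without a database; FindId needs an open connection to a server that has the Student table.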