c# - Database to declared variable -


i want pass studname contents declared variable. tried " +a.tostring+" still got errors

string a;  connection.close(); connection.open(); string strsql = "select *from students studname = '"  +a.tostring() + "' , studnum = '" + studentnumber; oledbcommand command = new oledbcommand(strsql); 

studnum = '" + studentnumber

the database column studentnumber numeric you're half treating alphanumeric.

solution

studnum = " + studentnumber

you need use parameterised commands protect against sql injection attack. solve issues such variables containing apostrophes , etc cause sql fail.


Comments