I have this access db that I have a ddl for the state name and a ddl for the year. I have a gridview that I'd like to pass the value of the state drop down list into where clause. Obviously if I could use sql with the named parameters I would but this is what I'm stuck with and not sure exactly how to format it correctly.
the drop down list is name ddlStates. In the parameters I've tried
mycommand.Parameters.Add("#ddlStates")
here is the data set
public DataSet GetData()
{
DataSet ds;
using (OleDbConnection myConnString = new OleDbConnection())
{
myConnString.ConnectionString = connString;
using (OleDbCommand myCommand = new OleDbCommand())
{
myCommand.CommandText = "select * from tblTest where location = ?";
myCommand.Parameters.Add();
myCommand.Connection = myConnString;
using (OleDbDataAdapter da = new OleDbDataAdapter())
{
da.SelectCommand = myCommand;
ds = new DataSet();
da.Fill(ds, "Grades");
}
}
return ds;
}
}//ends get data dataset
1.you need to open your connection
2.you can add the parameter as follows
public DataSet GetData()
{
DataSet ds;
using (OleDbConnection conn = new OleDbConnection(connString))
{
string query= "select * from tblTest where location = ?";
using (OleDbCommand myCommand = new OleDbCommand(query, conn))
{
myCommand.Parameters.AddWithValue("#ddlStates", <your value>);
conn.Open();
using (OleDbDataAdapter da = new OleDbDataAdapter(myCommand, conn))
{
ds = new DataSet();
da.Fill(ds, "Grades");
return ds;
}
}
}
}
myCommand.Parameters.AddWithKey("location", this.ddlStates.SelectedValue);
That assumes that the data type of the location column is textual. If it's numeric or something else then convert the SelectedValue to the appropriate data type first.
Related
I'm passing a query and parameter from a WinForm to a database class. The
The code on the Form looks like this:
string selectedComp = "CPSI";
string catsQuery = "SELECT id, category, old_value, old_desc, new_value, new_desc, reference1, reference2 FROM masterfiles.xref WHERE company_name = '#company' ORDER BY category, old_value";
Db categoriesData = new Db();
dgvCategories.DataSource = categoriesData.GetData(catsQuery, selectedComp);
And in my database class my code to populate the datatable/set is this:
public DataTable GetData(string selectQuery, string selectedComp)
{
NpgsqlConnection conn = new NpgsqlConnection(connString);
DataSet ds = new DataSet();
NpgsqlCommand cmd = new NpgsqlCommand(selectQuery, conn);
cmd.Parameters.Add(new NpgsqlParameter("#company", selectedComp));
//cmd.Parameters.AddWithValue("#company", selectedComp);
//cmd.Parameters.Add("#company", NpgsqlDbType.Text);
//cmd.Parameters["#company"].Value = selectedComp;
try
{
conn.Open();
NpgsqlDataAdapter da = new NpgsqlDataAdapter(selectQuery, conn);
conn.Close();
da.Fill(ds);
return ds.Tables[0];
}
}
But putting a breakpoint at NpgsqlDataAdapter da = new NpgsqlDataAdapter(selectQuery, conn);, selecctQuery hasn't changed - the '#company' is still in the query.
What am I missing?
The root problem is that you're passing the query to the data adapter instead of the command. Change
NpgsqlDataAdapter da = new NpgsqlDataAdapter(selectQuery, conn);
to
NpgsqlDataAdapter da = new NpgsqlDataAdapter(cmd);
I would also use using to dispose of all objects, and don't close the connection until the dataset is filled:
using(NpgsqlConnection conn = new NpgsqlConnection(connString))
using(NpgsqlCommand cmd = new NpgsqlCommand(selectQuery, conn))
{
cmd.Parameters.Add(new NpgsqlParameter("company", selectedComp));
conn.Open();
using(NpgsqlDataAdapter da = new NpgsqlDataAdapter(cmd))
{
DataSet ds = new DataSet();
da.Fill(ds);
}
conn.Close();
return ds.Tables[0];
}
I have successfully built connection string and able to populate table data when the database is Access as:
DataTable results = new DataTable();
using (OleDbConnection thisConnection = new OleDbConnection(connectionname))
{
OleDbCommand cmd = new OleDbCommand("SELECT * from TABLE_A", thisConnection); //EDIT : change table name for Oracle
thisConnection.Open();
OleDbDataAdapter adapter = new OleDbDataAdapter(cmd);
adapter.Fill(results);
}
I am new to Oracle though. Can somebody mention what changes to make in above code for Oracle database?
You can try this;
OracleConnection conn = new OracleConnection("Your Connection string");
//Open the connection to the database
conn.Open();
DataSet dataSet = new DataSet();
OracleCommand cmd = new OracleCommand("your select query");
cmd.CommandType = CommandType.Text;
cmd.Connection = conn;
using (OracleDataAdapter dataAdapter = new OracleDataAdapter())
{
dataAdapter.SelectCommand = cmd;
dataAdapter.Fill(dataSet);
}
how to pass ds from sql class to form class
in my form class
sqlCls floor = new sqlCls();
floor.getByFloor(floorNo);
reportFormDataGridView.DataSource = ds.Tables[0]; ******
in sql class . floor method
public DataSet getByFloor(int floorNo)
{
DataSet ds = new DataSet();
SqlConnection conn = connectionCls.openConnection();
SqlCommand com = new SqlCommand("select * from table where floorsNo = " + floorNo, conn);
SqlDataAdapter SE_ADAPTAR = new SqlDataAdapter(com);
SE_ADAPTAR.Fill(ds);
conn.Close();
return ds;
}
GridViews can take a DataSet as the DataSource just fine, no need to use a table.
Just do this:
sqlCls floor = new sqlCls();
var ds = floor.getByFloor(floorNo);
reportFormDataGridView.DataSource = ds;
You have a SQL Injection vulnerability in your code. Please consider using SQL parameters instead of unsanitized input.
So in your case it would be:
public DataSet getByFloor(int floorNo)
{
DataSet ds = new DataSet();
SqlConnection conn = connectionCls.openConnection();
SqlCommand com = new SqlCommand("select * from table where floorsNo = #floorsNo", conn);
com.Parameters.AddWithValue("#floorsNo", floorNo);
using(SqlDataAdapter SE_ADAPTAR = new SqlDataAdapter(com))
{
SE_ADAPTAR.Fill(ds);
conn.Close();
}
return ds;
}
SqlDataAdapter implements the IDisposable interface so you can wrap it in a using block to automatically dispose of resources when execution flow leaves the scope.
I have a method which returns DataSet.
protected DataSet GetProgramList()
{
DataSet ds1 = new DataSet();
using (SqlConnection cn = new SqlConnection("server=Daffodils-PC\\sqlexpress;Database=Assignment1;Trusted_Connection=Yes;"))
{
using (SqlDataAdapter da = new SqlDataAdapter(#"SELECT * FROM Program", cn))
da.Fill(ds1, "Program");
}
return ds1;
}
I want to use a specific column from the DataSet in other Method which is below:
protected DataSet GetStudentByProgramID(int programID)
{
DataSet ds2 = new DataSet();
using (SqlConnection cn = new SqlConnection("server=Daffodils-PC\\sqlexpress;Database=Assignment1;Trusted_Connection=Yes;"))
{
using (SqlDataAdapter da = new SqlDataAdapter(#"SELECT LastName, FirstName FROM Student JOIN Program on Program.ProgramID = Student.ProgramID WHERE ProgramID ="+programID, cn))
da.Fill(ds2, "Student");
}
return ds2;
}
For example I want to use, the column ProgramID from Program Table in first method. I know I have to store the returned dataset in a variable but How?
Given that you will have ds1 accessible for GetStudentByProgramID method
Then you can use it this way
rotected DataSet GetStudentByProgramID(int programID)
{
DataColumn programId = ds1.Tables[0].Columns["ProgramId"];
//to read row you can iterate from ds1.Table[0].Rows
DataSet ds2 = new DataSet();
using (SqlConnection cn = new SqlConnection("server=Daffodils-PC\\sqlexpress;Database=Assignment1;Trusted_Connection=Yes;"))
{
using (SqlDataAdapter da = new SqlDataAdapter(#"SELECT LastName, FirstName FROM Student WHERE ProgramID ="+programID, cn))
da.Fill(ds2, "Student");
}
return ds2;
}
Why don't you write one query?
SELECT programID, LastName, FirstName
FROM Program JOIN Student ON Program.Id=Student.ProgramId
That way, you'll have each student with their programID.
I can't understand what I am doing wrong, I can't seem to SELECT with a prepared statement. However I can INSERT with a prepared statement.
MySqlCommand cmd = new MySqlCommand("SELECT * FROM code_post WHERE name = ?postRequired LIMIT 1", dbcon);
cmd.Parameters.Add(new MySqlParameter("?postRequired", requestString));
cmd.ExecuteNonQuery();
DataSet ds = new DataSet();
cmd.fill(ds, "result");
try {
thisBlog = ds.Tables["result"].Rows[0];
} catch {
invalid();
return;
}
Any advice on this would be greatly appreciated!
To fill a DataSet you will need a DataAdapter.
Try this:
MySqlCommand cmd = new MySqlCommand("SELECT * FROM code_post WHERE name = ?postRequired LIMIT 1", dbcon);
cmd.Parameters.Add(new MySqlParameter("?postRequired", requestString));
cmd.ExecuteNonQuery();
DataSet ds = new DataSet();
MySqlDataAdapter dAdap = new MySqlDataAdapter();
dAdap.SelectCommand = cmd;
dAdap.Fill(ds, "result");
try {
thisBlog = ds.Tables["result"].Rows[0];
} catch {
invalid();
return;
}
You need to use SqlDataAdapter
DataAdapter represents a set of data commands and a database connection that are used to fill the DataSet and update a SQL Server database.
The SqlDataAdapter provides this bridge by mapping Fill, which changes the data in the DataSet to match the data in the data source
Check the following syntax:
private static DataSet SelectRows(DataSet dataset,
string connectionString,string queryString)
{
using (SqlConnection connection =
new SqlConnection(connectionString))
{
SqlDataAdapter adapter = new SqlDataAdapter();
adapter.SelectCommand = new SqlCommand(
queryString, connection);
adapter.Fill(dataset);
return dataset;
}
}