ASP.NET RSS ASP.NET RSS

error on search code

Please support our ASP.NET advertiser: Intel Parallel Studio Home
Reply

Join Date: Nov 2008
Posts: 19
Reputation: krany18 is an unknown quantity at this point 
Solved Threads: 0
krany18 krany18 is offline Offline
Newbie Poster

error on search code

 
0
  #1
Nov 27th, 2008
hai friends i am writing the code for search button;

while i am wrote and complied that it gives the following error.
so many times i checked and posting into the forum now please clarify this problem..


code is:

asp.net Syntax (Toggle Plain Text) 
  1. using System;
  2. using System.Data;
  3. using System.Configuration;
  4. using System.Collections;
  5. using System.Web;
  6. using System.Web.Security;
  7. using System.Web.UI;
  8. using System.Web.UI.WebControls;
  9. using System.Web.UI.WebControls.WebParts;
  10. using System.Web.UI.HtmlControls;
  11. using System.Data.SqlClient;
  12.  
  13. public partial class nextpage : System.Web.UI.Page
  14. {
  15.     protected void Page_Load(object sender, EventArgs e)
  16.     {
  17.         SqlConnection con = new SqlConnection("user id=sa;password=vikram;database=MUDIAM_INC");
  18.         SqlCommand cmd = new SqlCommand("select * from mudiamINC", con);
  19.         cmd.Connection = con;
  20.         con.Open();
  21.     }
  22.     protected void Button1_Click(object sender, EventArgs e)
  23.     {
  24.         SqlConnection con = new SqlConnection("user id=sa;password=vikram;database=MUDIAM_INC");
  25.         SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like" + TextBox1.Text + " %", con);
  26.         DataSet ds = new DataSet();
  27.         da.Fill(ds, "mudiamINC");
  28.         con.Open();
  29.         SqlCommand cmd = new SqlCommand();
  30.         cmd.Connection = con;
  31.         cmd.CommandText = "select * from mudiamINC";
  32.  
  33.     }
  34. }

Error Is:

ASP.NET Syntax (Toggle Plain Text) 
  1. An expression of non-boolean type specified in a context where a condition is expected, near 'likekrani'


please check the error and tell me the correct solution for that..
ASAP


another one is search information could be displayed in the browser in a tabular format.
please clarify my doubt.

please...please...please...please...please...please...please...please...
Last edited by peter_budo; Nov 28th, 2008 at 1:28 pm. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 560
Reputation: Murtan is a jewel in the rough Murtan is a jewel in the rough Murtan is a jewel in the rough Murtan is a jewel in the rough 
Solved Threads: 90
Murtan Murtan is offline Offline
Posting Pro

Re: error on search code

 
0
  #2
Nov 27th, 2008
I think the problem is where you're building your select
ASP.NET Syntax (Toggle Plain Text) 
  1. SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like" + TextBox1.Text + " %", con);
I'm think you need a space after the like, but not before the %
ASP.NET Syntax (Toggle Plain Text) 
  1. SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like " + TextBox1.Text + "%", con);

Note however that I suspect this code is 'bad form'. You are taking user input without validation and putting it into SQL queries. This potentially puts your application at risk for SQL injection attacks.
Reply With Quote Quick reply to this message  
Join Date: Nov 2008
Posts: 19
Reputation: krany18 is an unknown quantity at this point 
Solved Threads: 0
krany18 krany18 is offline Offline
Newbie Poster

Re: error on search code

 
0
  #3
Nov 28th, 2008
please send me the correct code for that...
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 560
Reputation: Murtan is a jewel in the rough Murtan is a jewel in the rough Murtan is a jewel in the rough Murtan is a jewel in the rough 
Solved Threads: 90
Murtan Murtan is offline Offline
Posting Pro

Re: error on search code

 
0
  #4
Nov 28th, 2008
I think for testing your example, you could ignore the 'bad form'.

But if this will be accessed by other people (especially the public) that might ever have malicious intent then you should address this and any other code that might be subject to attack.

For more information on protecting yourself from SQL Injection attacks, I recommend the following article:

http://msdn.microsoft.com/en-us/library/ms998271.aspx
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the ASP.NET Forum
Thread Tools Search this Thread



.net 2.0 3.5 activexcontrol advice ajax appliances asp asp.net bc30451 beginner bottomasp.net browser businesslogiclayer button c# c#gridviewcolumn cac checkbox child class click compatible confirmationcodegeneration content contenttype control countryselector courier css database datagrid datagridview datagridviewcheckbox datalist deadlock deployment development dgv dialog dropdownmenu dynamic edit embeddingactivexcontrol feedback findcontrol flash flv form forms gridview homeedition hosting iframe iis javascript jquery list menu mono mssql multistepregistration nameisnotdeclared novell objects order problem ratings relationaldatabases rotatepage save search security serializesmo.table sessionvariables silverlight smartcard sql ssl suse textbox tracking treeview typeof unauthorized validatedate validation vb.net video virtualdirectory vista visual-studio visualstudio vs2008 web webarchitecture webdevelopemnt webdevelopment wizard xml
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC