Hi I am learning how to use database. I am using sql server 2005. I would like to know how to make an sql query to the database from vb.net. I have tried some code. what i would like to know is, how to make the sqldataadapter statement with 2 or more where clause.

Here is my code:

Public Function ReturnEmployee(ByVal empid As Integer) As Employee
        Dim name As String
        name = "janet"
        Dim sqlconn As SqlConnection = New SqlConnection("server=127.0.0.1;user id=sa;password=;database=northwind")
        Dim sqlDA As SqlDataAdapter = New SqlDataAdapter("select firstname, lastname, title from employees where employeeid= '&empid' and lastname= '" + name + "' ", sqlconn)
        Dim dt As DataTable = New DataTable
        sqlDA.Fill(dt)
        Dim emp As Employee = New Employee
        emp.FirstName = dt.Rows(0)("firstname").ToString()
        emp.LastName = dt.Rows(0)("lastname").ToString()
        emp.Title = dt.Rows(0)("title").ToString()
        Return (emp)
    End Function

I would like to add the where clause lets say,employeeid and name janet.

Thank you..

Use Parameterized query.

Public Function ReturnEmployee(ByVal empid As Integer) As Employee
        Dim name As String
        name = "janet"
        Dim sqlconn As SqlConnection = New SqlConnection("server=127.0.0.1;user id=sa;password=;database=northwind")
        Dim sqlDA As SqlDataAdapter = New SqlDataAdapter("select firstname, lastname, title from employees where employeeid= @empid and lastname=@lastname", sqlconn)

        sqlDA.Parameters.AddWithValue("@empid",10)
        sqlDA.Parameters.AddWithValue("@lastname",name)

        Dim dt As DataTable = New DataTable
        sqlDA.Fill(dt)
        Dim emp As Employee = New Employee
        emp.FirstName = dt.Rows(0)("firstname").ToString()
        emp.LastName = dt.Rows(0)("lastname").ToString()
        emp.Title = dt.Rows(0)("title").ToString()
        Return (emp)
    End Function

Thanks for the answer,but it seems there's an error
'Parameters' is not a member of 'System.Data.SqlClient.SqlDataAdapter'.

is there something that i need to add?

Ok i know. I should use the sql command for the parameters.
Thanks..

This question has already been answered. Start a new discussion instead.