i'm using visual studio 2013 , doing personal project. trying tried use prepared statement in query still @fname eventhough typed first name in textbox. know wrong? sorry, english difficult me i'm doing best explain this.
query = "select pkey.keyword \"keyword\", p.title \" title\", p.abstract \"abstract\", p.citation \"citation\", concat_ws(\" \", f.fname, f.lname) \"name\", f.email \"email\" " + " paper_keywords pkey" + " inner join papers p on pkey.id = p.id" + " inner join authorship on p.id = a.paperid" + " inner join faculty f on a.facultyid = f.id " + " f.fname \"%@fname%\" "; here codes @ below:
conn = new mysqlconnection(stringconn); cmd = new mysqlcommand(query, conn); cmd.parameters.addwithvalue("@fname", fnametextbox.text); conn.open(); datatable datatable = new datatable(); adapter = new mysqldataadapter(cmd); adapter.fill(datatable); datagridview1.datasource = datatable; datagridview1.databindings.tostring(); messagebox.show(query);
if understand correctly, wondering why, when output query messagebox, still see @fname in query? if so: query write named sql parameter stay same, , not substituted value put textbox, database replace parameter value, query contain @parametername, in database engine use value of variable.
Comments
Post a Comment