Results 1 to 2 of 2

Thread: I found this code to find a specific record in a table Sql.

  1. May 21st, 2025, 08:05 AM #1
    Manny Somarriba
    Manny Somarriba is offline

    Thread Starter
    Hyperactive Member
    Join Date
    Mar 2001
    Location
    Calgary
    Posts
    273

    I found this code to find a specific record in a table Sql.

    Hi guys, I found this code and modified it to fit in my application. The code searches a specific record to display the result in a label. There is one text box to enter the word to search. Fill up the textboxes and one grid view. But I have found a word or face, I do not know what they are or do. And that is "SearchTerm" I don't know what the meaning is. Here is my code:

    1) Dim command.Parameters.AddWithValue("@SearchTerm", "%" & searchTerm & "%")uery As String = "SELECT Company, Contacts, Telephone, Address, Email, AppoDate, AppoTime, Matters, Solutions

    2) command.Parameters.AddWithValue("@SearchTerm", "%" & searchTerm & "%").

    I appreciate your help and your time in advance. Thank you, wonderful Community guys.
    mannyso
    Reply With Quote Reply With Quote
  2. May 21st, 2025, 08:40 AM #2
    dday9
    dday9 is offline
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Posts
    12,370

    Re: I found this code to find a specific record in a table Sql.

    What you are doing is defining parameters to be used in a parameterized query. Here is the relevant documentation: https://learn.microsoft.com/en-us/do...ter-data-types

    Specifically, you're using the AddWithValue method which will work, although I personally prefer the Add method and set the Value property -or- defining a new Parameter object so that I can be more explicit in the type of parameter I'm using.

    In this case, you're telling your command object that you want to use a parameter named @SearchTerm in your SQL query and you want its value to be the variable searchTerm wrapped in percentage signs which indicates a LIKE search with wildcards before and after the value.

    Take this for example:
    Code:
    Dim searchTerm As String = "Some Value"
Dim commandQuery As String = "SELECT MyTable.* FROM MyTable WHERE MyTable.MyField LIKE @SearchTerm;"
Using connection As New SqlConnection(connectionString)
    Using command As New SqlCommand(commandQuery, connection)
        Dim searchTermParameter As New SqlParameter()
        parameter.ParameterName = "@SearchTerm"
        parameter.SqlDbType = SqlDbType.VarChar
        parameter.Direction = ParameterDirection.Input
        parameter.Value = $"%{searchTerm}%"
        command.Parameters.Add(parameter)
        ' or in your example: command.Parameters.AddWithValue("@SearchTerm", $"%{searchTerm}%")

        connection.Open()
        Using reader As SqlDataReader = command.ExecuteReader()
            ' do something with the results
        End Using
        connection.Close()
    End Using
End Using
    This code queries the SQL table named MyTable where the MyTable.MyField column contains the value: Some Value

    Using parameters in your SQL is very important because it allows for better code reusability and more importantly guards against SQL injection attacks (helpful content).
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | HtmlLessons | CssLessons | Code Tags | Sword of Fury - Jameram
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width