Problem with parameter!

Discussion in 'ASP .Net' started by rcoco, Jan 10, 2007.

  1. rcoco

    rcoco Guest

    I'm having an error message sounding like :
    Prepared statement '(@id text)SELECT * from isp_email.staff where @id
    like +txtname.' expects parameter @id, which was not supplied.
    This message appears when I press the button to select a row at run time.
    What could be the problem?

    SqlCommand myCommand = new SqlCommand();
    myCommand.Connection=con;
    myCommand.CommandText="SELECT * from isp_email.staff where @id like +txtname.Text";
    SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
    myparam.Value=ID;
    myCommand.Parameters.Add(myparam);
    SqlDataAdapter myAdapter=new SqlDataAdapter(myCommand);
    DataSet ds = new DataSet();
    myAdapter.Fill(ds);
    con.Open();
    myCommand.ExecuteNonQuery();
    dgupdate.DataSource=ds;
    dgupdate.DataBind();
    con.Close();
    Thank you.
    rcoco, Jan 10, 2007
    #1

  2. rcoco

    bpd Guest

    I believe the statement needs to be

    myCommand.CommandText="SELECT * from isp_email.staff where id like"
    + txtname.Text;

    Remove the parameter code.
    Move the last " to after like.


    rcoco wrote:
    > I'm having an error message sounding like :
    > Prepared statement '(@id text)SELECT * from isp_email.staff where @id
    > like +txtname.' expects parameter @id, which was not supplied.
    > This message appears when I press the button to select a row at run time.
    > What could be the problem?
    >
    > SqlCommand myCommand = new SqlCommand();
    > myCommand.Connection=con;
    > myCommand.CommandText="SELECT * from isp_email.staff where @id like
    > +txtname.Text";
    > SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
    > myparam.Value=ID;
    > myCommand.Parameters.Add(myparam);
    > SqlDataAdapter myAdapter=new SqlDataAdapter(myCommand);
    > DataSet ds = new DataSet();
    > myAdapter.Fill(ds);
    > con.Open();
    > myCommand.ExecuteNonQuery();
    > dgupdate.DataSource=ds;
    > dgupdate.DataBind();
    > con.Close();
    > Thank you.
    bpd, Jan 10, 2007
    #2

  3. rcoco

    bpd Guest

    I forgot to add % to the SQL statement. It should be:

    myCommand.CommandText="SELECT * from isp_email.staff where id like %" +
    txtname.Text + "%";

    my apologies...

    bpd wrote:
    > I believe the statement needs to be
    >
    > myCommand.CommandText="SELECT * from isp_email.staff where id like"
    > + txtname.Text;
    >
    > Remove the parameter code.
    > Move the last " to after like.
    >
    >
    > rcoco wrote:
    > > I'm having an error message sounding like :
    > > Prepared statement '(@id text)SELECT * from isp_email.staff where @id
    > > like +txtname.' expects parameter @id, which was not supplied.
    > > This message appears when I press the button to select a row at run time.
    > > What could be the problem?
    > >
    > > SqlCommand myCommand = new SqlCommand();
    > > myCommand.Connection=con;
    > > myCommand.CommandText="SELECT * from isp_email.staff where @id like
    > > +txtname.Text";
    > > SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
    > > myparam.Value=ID;
    > > myCommand.Parameters.Add(myparam);
    > > SqlDataAdapter myAdapter=new SqlDataAdapter(myCommand);
    > > DataSet ds = new DataSet();
    > > myAdapter.Fill(ds);
    > > con.Open();
    > > myCommand.ExecuteNonQuery();
    > > dgupdate.DataSource=ds;
    > > dgupdate.DataBind();
    > > con.Close();
    > > Thank you.
    bpd, Jan 10, 2007
    #3
  4. rcoco

    bruce barker Guest

    Your code allows SQL injection. It should be:

    myCommand.CommandText=@"
    select *
    from isp_email.staff
    where id like @id + '%'";
    SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
    myparam.Value=txtname.Text;
    myCommand.Parameters.Add(myparam);


    -- bruce (sqlwork.com)


    rcoco wrote:
    > I'm having an error message sounding like :
    > Prepared statement '(@id text)SELECT * from isp_email.staff where @id
    > like +txtname.' expects parameter @id, which was not supplied.
    > This message appears when I press the button to select a row at run time.
    > What could be the problem?
    >
    > SqlCommand myCommand = new SqlCommand();
    > myCommand.Connection=con;
    > myCommand.CommandText="SELECT * from isp_email.staff where @id like
    > +txtname.Text";
    > SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
    > myparam.Value=ID;
    > myCommand.Parameters.Add(myparam);
    > SqlDataAdapter myAdapter=new SqlDataAdapter(myCommand);
    > DataSet ds = new DataSet();
    > myAdapter.Fill(ds);
    > con.Open();
    > myCommand.ExecuteNonQuery();
    > dgupdate.DataSource=ds;
    > dgupdate.DataBind();
    > con.Close();
    > Thank you.
    >
    bruce barker, Jan 10, 2007
    #4
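
Added example (not posted by anyone in the thread): the parameterized LIKE query from the last reply written as a complete method, which also escapes LIKE wildcards in the user's text so it is matched literally. The `StaffSearch` class, the `EscapeLike` helper, the `connectionString` argument and the `NVarChar(100)` parameter type are assumptions; the table and column names come from the thread.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class StaffSearch   // hypothetical class, not from the thread
{
    // Wrap the T-SQL LIKE metacharacters %, _ and [ in brackets so text
    // typed by the user matches literally instead of acting as a pattern.
    public static string EscapeLike(string input)
    {
        return Regex.Replace(input ?? string.Empty, @"[\[%_]", "[$0]");
    }

    // Prefix search on isp_email.staff.id. The user's text travels only as
    // the value of @id, so quotes or SQL keywords in it are never parsed.
    public static DataSet FindStaff(string connectionString, string userText)
    {
        const string sql =
            "SELECT * FROM isp_email.staff WHERE id LIKE @id + '%'";

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        {
            // Assumption: id is a string column of at most 100 characters.
            // A sized NVarChar parameter truncates longer values.
            cmd.Parameters.Add("@id", SqlDbType.NVarChar, 100).Value =
                EscapeLike(userText);

            DataSet ds = new DataSet();
            adapter.Fill(ds);   // Fill opens and closes the connection itself
            return ds;
        }
    }

    public static void Main()
    {
        // Constructed inputs: one containing a quote, one with LIKE wildcards.
        Console.WriteLine(EscapeLike("O'Brien"));
        Console.WriteLine(EscapeLike("50%_[a"));
    }
}
```

Bind the returned `DataSet` to the grid as in the original post (`dgupdate.DataSource = ds; dgupdate.DataBind();`); the separate `ExecuteNonQuery()` call is not needed for a SELECT.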
