To fix the
SQL Injection[
^] vulnerability in your code, use a parameterized query:
Using dBaseConnection As New OleDbConnection(ConnectionString)
Using dBaseCommand As New OleDbCommand("SELECT * FROM ATTEND.DBF Where date = ?", dBaseConnection)
dBaseCommand.Parameters.AddWithValue("p0", DateTime.Today)
Dim ds As New DataSet()
Dim dataadapter As New OleDbDataAdapter(dBaseCommand)
dataadapter.Fill(ds, "ATTEND")
DataGridView1.DataSource = ds
DataGridView1.DataMember = "ATTEND"
End Using
End Using