VB
Protected Sub Button8_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button8.Click
    lnk1.Visible = False
    lnk2.Visible = False
    lnk3.Visible = False
    lnk4.Visible = False
    lnk5.Visible = False
    lnk6.Visible = False
    lnk7.Visible = False
    lnk8.Visible = False
    lnk9.Visible = False
    lnk10.Visible = False

    constr = "Data Source=.\SQLEXPRESS;AttachDbFilename=D:\trust bazar\trust bazar\App_Data\Database1.mdf;Integrated Security=True;User Instance=True"
    conn.ConnectionString = constr
    conn.Open()
    Dim sql = "select count(id) from tuli where cata='" & TextBox1.Text & "' or price ='" & TextBox2.Text & "'or dist = '" & TextBox3.Text & "'"
    Dim comm As New SqlCommand(sql, conn)
    Dim dr As SqlDataReader
    dr = comm.ExecuteReader
    If dr.Read() Then

        If dr.Item(0) <= 5 Then
            lnk1.Visible = True
        ElseIf dr.Item(0) <= 10 Then
            lnk1.Visible = True
            lnk2.Visible = True
        ElseIf dr.Item(0) <= 15 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
        ElseIf dr.Item(0) <= 20 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
        ElseIf dr.Item(0) <= 25 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
        ElseIf dr.Item(0) <= 30 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
        ElseIf dr.Item(0) <= 35 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
        ElseIf dr.Item(0) <= 40 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
        ElseIf dr.Item(0) <= 45 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
            lnk9.Visible = True
        ElseIf dr.Item(0) <= 50 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
            lnk9.Visible = True
            lnk10.Visible = True
        End If
    End If
    Panel1.Visible = False
    Panel2.Visible = False
    Panel3.Visible = False
    Panel4.Visible = False
    Panel5.Visible = False
    data(Session("line"))
End Sub
Updated 28-May-15 9:56am
Comments
[no name] 28-May-15 15:54pm    
We can't possibly know what it is that you think "not working" means. It might just be that you are using string concatenation to construct your query string incorrectly and opening yourself up to sql injection attacks. But that is just a guess.
Sergey Alexandrovich Kryukov 28-May-15 16:17pm    
This "code" is the opposite of programming. Programming is all about abstraction, but you repeat the same line with a different object several times. From this point, it's time to trash this anti-code and start writing code...
—SA

A code searched and copy/pasted is never guaranteed to be 100% (or at all) working. This code is (at least to me) unclear... It contains only the code to check the database (if exists!) and then show or hide a few links and so on.

We can also not help you in making the program work. Even if we do something, we can only do something to make it compile. Logical or run-time errors must be removed by you. Also, the author of such blog posts does leave a section for you to post comments or other questions about the article, code or something else (on-topic). So you can use their forum to discuss how to make this code workable.
 
 
Comments
Sergey Alexandrovich Kryukov 28-May-15 17:20pm    
I would say it guarantees 100% of maintenance trouble. Anyway, a 5.
And I added more information on the SQL injection part and insist that this "code" is not really code at all. :-)
—SA
Your code leaves you open to SQL injection, use parameterised queries. It looks like your price is being stored as a string, if so don't do that, store it as an appropriate numeric format. Giving your controls generic "lnk1" etc names means it's impossible to properly understand the code.

All those issues aside, your code is doing an exact match, so the cata field needs to match what is in Textbox1 exactly. If you're looking to do a wildcard search you need

where cata like '%searchtexthere%'

Other than that, we don't know your data or scheme or what you're putting in your textboxes or if you're getting any errors. You don't seem to have told us any steps you've taken to debug what is going on, so it's hard to offer any particularly specific advice.
 
 
Comments
Sergey Alexandrovich Kryukov 28-May-15 16:20pm    
5ed. I added more detail on this in Solution 3, please see.
—SA
In addition to Solution 2:

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

And please see my comment to the question. This code shows that you are not yet ready for UI and database development. I would advise you to get general programming experience and understanding, and to do some simple exercises on console-only projects.

—SA
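The parameterised form recommended in Solutions 2 and 3, applied to the count query from the question; this is an added example, not code from the original posts. `TuliSearch`, `CountMatches` and `EscapeLike` are hypothetical names, and the column types (text for `cata` and `dist`, numeric for `price`, as Solution 2 suggests) are assumptions to adjust to the real schema.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Public Module TuliSearch
    ' Hypothetical helper: counts rows in tuli that match any of the three filters.
    ' NVarChar(100) and Decimal are assumed column types; match them to the schema.
    Public Function CountMatches(connectionString As String, cata As String,
                                 priceText As String, dist As String,
                                 Optional cataContains As Boolean = False) As Integer
        ' Only fixed SQL fragments are concatenated; user input travels as parameters.
        Dim cataTest As String = If(cataContains, "cata LIKE @cata ESCAPE '\'", "cata = @cata")
        Dim sql As String = "SELECT COUNT(id) FROM tuli WHERE " & cataTest &
                            " OR price = @price OR dist = @dist"

        Using conn As New SqlConnection(connectionString)
            Using comm As New SqlCommand(sql, conn)
                Dim cataText As String = If(cata, String.Empty)
                Dim cataValue As String = If(cataContains, "%" & EscapeLike(cataText) & "%", cataText)
                comm.Parameters.Add("@cata", SqlDbType.NVarChar, 100).Value = cataValue
                comm.Parameters.Add("@dist", SqlDbType.NVarChar, 100).Value = If(dist, String.Empty)

                ' Price is validated as a number. An unparsable value is sent as NULL,
                ' and "price = NULL" matches no rows.
                Dim price As Decimal
                Dim priceParam As SqlParameter = comm.Parameters.Add("@price", SqlDbType.Decimal)
                If Decimal.TryParse(priceText, NumberStyles.Number,
                                    CultureInfo.InvariantCulture, price) Then
                    priceParam.Value = price
                Else
                    priceParam.Value = DBNull.Value
                End If

                conn.Open()
                Return Convert.ToInt32(comm.ExecuteScalar())
            End Using
        End Using
    End Function

    ' Makes %, _ and [ in user text literal inside a LIKE pattern (escape character \).
    Private Function EscapeLike(text As String) As String
        Return text.Replace("\", "\\").Replace("%", "\%").Replace("_", "\_").Replace("[", "\[")
    End Function
End Module
```

With `cataContains:=True` the wildcard search from Solution 2 is still sent as a parameter, so a `%` or `'` typed into the textbox is treated as data rather than as pattern or SQL syntax.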
 
Comments
Afzaal Ahmad Zeeshan 29-May-15 5:20am    
5 for mentioning the SQL Injection. Apart from that there are many other problems in the code, for example there are a lot of occurrences where he doesn't follow DRY rule. Many others, which filter out as, "Bad code!" for this.
Sergey Alexandrovich Kryukov 29-May-15 10:17am    
Thank you, Afzaal,
This was just in clarification of Solution 2.
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


