Can I store a DataReader value in VB.NET 2010 to an array? My code is as under:
VB
Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListBox1.SelectedIndexChanged
    If cn.State = ConnectionState.Open Then
        cn.Close()
    End If
    Try
        cn.Open()
        cmd = New OleDbCommand("select * from notesheet where notesheetno='" & ListBox1.SelectedItem & "'", cn)
        dr = cmd.ExecuteReader

        If dr.HasRows Then
            While dr.Read
                Noteshet.lblfileno.Text = (dr.Item(1).ToString)
                Noteshet.lbluserid.Text = (dr.Item(4).ToString)
                Noteshet.NDATEDateTimePicker.Text = (dr.Item(2).ToString)
                Noteshet.RichTextBox1.Text = (dr.Item(3).ToString)
                Noteshet.NOTESHEETNOTextBox.Text = (dr.Item(0).ToString)
                Noteshet.ComboBox1.Text = (dr.Item(5).ToString)
            End While
        End If
        Noteshet.ComboBox1.Enabled = False
        Noteshet.cmdsubmit.Visible = True
        Noteshet.Button1.Visible = False

        Noteshet.Show()

    Catch ex As Exception
        cn.Close()

    End Try
End Sub
Posted
Updated 15-Oct-15 2:31am
v2
Comments
Richard Deeming 15-Oct-15 10:23am    
Your code is vulnerable to SQL Injection.

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
ZurdoDev 15-Oct-15 15:06pm    
Sure. Where are you stuck?
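
A parameterized version of the lookup in the question that also copies each DataReader row into an array, as an added example that is not part of the original thread. The connection string is a placeholder, `LoadNotesheetRows` is a hypothetical helper name, and the parameter type assumes `notesheetno` is a text column.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.OleDb

Module NotesheetLookup
    ' Placeholder: replace with the application's real connection string.
    Private Const ConnectionString As String = "<your OleDb connection string>"

    ' Hypothetical helper: returns every matching row as an Object() array,
    ' one element per column, in the column order of the result set.
    Public Function LoadNotesheetRows(ByVal notesheetNo As String) As List(Of Object())
        Dim rows As New List(Of Object())()

        ' OleDb uses positional "?" placeholders. The value is sent separately
        ' from the SQL text, so a quote in notesheetNo cannot change the query.
        Const sql As String = "SELECT * FROM notesheet WHERE notesheetno = ?"

        Using cn As New OleDbConnection(ConnectionString)
            Using cmd As New OleDbCommand(sql, cn)
                ' Assumption: notesheetno is a text column; adjust OleDbType if not.
                cmd.Parameters.Add("@notesheetno", OleDbType.VarWChar, 50).Value = notesheetNo
                cn.Open()
                Using dr As OleDbDataReader = cmd.ExecuteReader()
                    While dr.Read()
                        ' Copy the current row into a fresh array before moving on.
                        Dim values(dr.FieldCount - 1) As Object
                        dr.GetValues(values)
                        rows.Add(values)
                    End While
                End Using
            End Using
        End Using ' Connection, command and reader are closed here even on error.
        Return rows
    End Function

    Sub Main()
        ' Constructed input: the embedded quote is treated as data only.
        Dim rows As List(Of Object()) = LoadNotesheetRows("NS-2015/01'a")
        Console.WriteLine("Rows returned: " & rows.Count)
        For Each row As Object() In rows
            Dim cells As String() = Array.ConvertAll(Of Object, String)(
                row, Function(v As Object) Convert.ToString(v))
            Console.WriteLine(String.Join(" | ", cells))
        Next
    End Sub
End Module
```

In the event handler from the question, the returned arrays can be indexed the same way as `dr.Item(n)`, for example `rows(0)(1).ToString()` for the file number.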

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)