How to search multiple records in a single text box, separated with commas, from a table and display them in a grid view using ASP.NET and VB.NET? I prepared the code to display in the grid view, but I can display only one record at a time. I want to display more than one record. Can anyone help me with this? Below is the existing code.

What I have tried:

VB
If txtReferenceNo.Text <> "" Then
    If filter.Trim() = "" Then
        filter = " WHERE ReferenceNo ='" & txtReferenceNo.Text & "'"
    Else
        filter = filter & " AND ReferenceNo ='" & txtReferenceNo.Text & "'"
    End If
End If
Updated 13-May-16 4:10am

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

Now, "search multiple record from table"… is not even a topic. This is a matter of such a thing called SQL… :-)

—SA
 
 
If you are forming the dynamic query in the VB code, ensure that you have taken measures to prevent SQL injection.
Refer to the links below if you really care about protecting your application from attacks:
sql server - Parameterize an SQL IN clause - Stack Overflow
How to pass sqlparameter to IN()? - Stack Overflow

VB
' Base query; the IN filter is appended only when reference numbers were entered.
Dim Filter As String = " Select * from TableName "
Dim inQuery As String = ""
' Drop leading/trailing commas from the text-box input.
Dim csvRefNo As String = txtReferenceNo.Text.Trim().TrimEnd(","c).TrimStart(","c)
If Not String.IsNullOrWhiteSpace(csvRefNo) Then
    Dim refNos() As String = csvRefNo.Split(New String() {","}, StringSplitOptions.RemoveEmptyEntries)
    For Each refNo As String In refNos
        ' Quote each value, removing any single quotes it contains.
        inQuery = inQuery & String.Format("'{0}',", refNo.Replace("'", ""))
    Next
    inQuery = inQuery.Trim().TrimEnd(","c)
    inQuery = " where ReferenceNo IN ( " & inQuery & " )"
End If

Filter = Filter & inQuery
 
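Added example (not code from any of the posters in this thread): one way to build the parameterized IN clause that the linked Stack Overflow questions describe, using ADO.NET's SqlCommand so the text-box values are sent as parameters instead of being spliced into the SQL text. `ReferenceSearch`, `BuildSearchCommand`, `MaxRefNos` and the NVarChar(50) parameter type are assumptions; `TableName` and `ReferenceNo` come from the thread.

```vb
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Linq

Module ReferenceSearch
    ' Hypothetical cap on how many values one search may carry
    ' (SQL Server rejects commands with more than 2100 parameters).
    Private Const MaxRefNos As Integer = 100

    ' Splits the comma-separated text-box input and returns a command whose
    ' IN list contains only placeholders (@ref0, @ref1, ...); the values
    ' themselves travel as parameters and are never parsed as SQL.
    Public Function BuildSearchCommand(csvRefNo As String,
                                       conn As SqlConnection) As SqlCommand
        Dim refNos As List(Of String) =
            If(csvRefNo, "").Split(New Char() {","c}, StringSplitOptions.RemoveEmptyEntries).
                Select(Function(s) s.Trim()).
                Where(Function(s) s.Length > 0).
                Distinct().
                ToList()

        If refNos.Count > MaxRefNos Then
            Throw New ArgumentException("Too many reference numbers.")
        End If

        Dim cmd As New SqlCommand() With {.Connection = conn}
        Dim sql As String = "SELECT * FROM TableName"

        If refNos.Count > 0 Then
            Dim names As New List(Of String)()
            For i As Integer = 0 To refNos.Count - 1
                Dim name As String = "@ref" & i.ToString()
                names.Add(name)
                ' Explicit type and size; NVarChar(50) is an assumption
                ' about the ReferenceNo column.
                cmd.Parameters.Add(name, SqlDbType.NVarChar, 50).Value = refNos(i)
            Next
            ' Only generated placeholder names are concatenated, never user text.
            sql &= " WHERE ReferenceNo IN (" & String.Join(", ", names) & ")"
        End If

        cmd.CommandText = sql
        Return cmd
    End Function
End Module
```

Call it as `BuildSearchCommand(txtReferenceNo.Text, conn)`, fill a DataTable from the returned command with a SqlDataAdapter, and bind that table to the grid view. A value such as `A1' OR '1'='1` is then compared literally against ReferenceNo and simply matches no row.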
 
If you want to pass comma-separated values, then in your case, instead of
ReferenceNo ='" & txtReferenceNo.Text & "'"
you should use
ReferenceNo IN  ('" & txtReferenceNo.Text & "')"
 
 
Comments
saisupraja 13-May-16 3:17am    
Where do I add this? Is this in the first filter or the second filter? I added it in both filters; it doesn't show anything.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


