Sql query based on text search not working

Question

0.00/5 (No votes)

See more:

Hi I am new to programming and trying to develop a software for my business. I have hands on experience of VB6 coding so I decided to use VB .net and MySQL as database.

Problem : A table "State_mast" has only two fields "St_Code" and "Name".
when I try to search something from above St_mast using the query
"Select Name from State_Mast where Name = ' " & TxtState.Text & "'"
nothing is returned, but when I use
"Select Name from State_Mast where ST_Code = ' " & TxtCode.Text & "'"
all data matching the query is returned. St_Code is a numeric field and Name is a text field

full code
SqlQuery = "Select Name from State_Mast where Name = ' " & TxtState.Text & "'"
Sqlcommand = New MySqlCommand(SqlQuery, Conn)
Dim Da As New MySqlDataAdapter
Dim Ds As New DataSet
Da.SelectCommand = Sqlcommand
Da.Fill(Ds, "STATE")
MessageBox.Show(Ds.Tables("STATE").Rows.Count)

I have defined variables and connection string in a module which I have called during the loading of form.

What I have tried:

I have tried differnt things but no success

Posted 30-Nov-17 5:27am

Member 13550326

Updated 3-Dec-17 23:43pm

v2

Add a Solution

Comments

Richard MacCutchan 30-Nov-17 11:38am

What text are you trying to match, and what records exist?

2 solutions

Solution 2

In SQL the like function can be used to get the string with certain matching texts and using wild car characters for the unknown strings(%). For example the query will be looking as follows.
Select Name from State_Mast where Name Like '%text%"

Posted 3-Dec-17 23:43pm

Prashanth Mundath

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Accepted Answer · 2017-11-30T06:40:00

First, if St_Code is a numeric field in your table, you're treating the search text as a string in the query. This SHOULD result in an exception generated by the database because of a data type mismatch.

If this code was copied and pasted into this question, there is a space in your WHERE clause between the single quote (') and the text your appending to the query string. Your query looks like this:

Select Name from State_Mast where Name = ' Text'

That little space is probably what's screwing up your query where it's not returning any results.

Also, use parameterized queries, not string concatenation, to build queries! Google for "VB.NET MySQL Parameterized Queries" and "SQL Injection Attack" to find out why what you're doing is so bad.

Using parameterized queries would have also prevented this error from happening at all.