working with parameters

S

salih ataoz

hi i need help about parameters

i have a login form and a component

i put username,password texboxes and one login button on
the login form

on the component i drag and drop a oledbconnection name
con and an oledbcommand name cmdSelect

at con properties

connectionstring="Provider=Microsoft.Jet.OLEDB.4.0;Passwor
d="";User ID=Admin;Data
Source=\\Graphicstudio\KUTUKLER\BASIMEVI.mdb;Mode=Share
Deny None;Extended Properties="";Jet OLEDB:System
database="";Jet OLEDB:Registry Path="";Jet OLEDB:Database
Password="";Jet OLEDB:Engine Type=5;Jet OLEDB:Database
Locking Mode=1;Jet OLEDB:Global Partial Bulk Ops=2;Jet
OLEDB:Global Bulk Transactions=1;Jet OLEDB:New Database
Password="";Jet OLEDB:Create System Database=False;Jet
OLEDB:Encrypt Database=False;Jet OLEDB:Don't Copy Locale
on Compact=False;Jet OLEDB:Compact Without Replica
Repair=False;Jet OLEDB:SFP=False"

name=con


at cmdselect
commandtext="SELECT * FROM users WHERE (ID = [@ID])"
commandtype=CommandType.StoredProcedure
connection=con
name=cmdselect



Public Sub baglanti(ByVal Kullaniciadi As String,
ByVal Sifre As String)
'Try

con.Open()

cmdSelect.CommandType = CommandType.StoredProcedure

cmdSelect.CommandText = "select * from USERS where id=
[@id]"

cmdSelect.Parameters("id").Value = 1


Dim dr As OleDb.OleDbDataReader

dr = cmdSelect.ExecuteReader
' MsgBox(dr.FieldCount)

While dr.Read

MessageBox.Show("Baglanti hazir")


End While

dr.Close()
con.Close()
End Sub



WHEN I RUN THE PROJECT THERE IS AN ERROR

An unhandled exception of
type 'System.IndexOutOfRangeException' occurred in
system.data.dll

Additional information: An OleDbParameter with
ParameterName 'id' is not contained by this
OleDbParameterCollection.


WHY
 
A

Armin Zingler

salih ataoz said:
cmdSelect.Parameters("id").Value = 1
[...]
WHEN I RUN THE PROJECT THERE IS AN ERROR

An unhandled exception of
type 'System.IndexOutOfRangeException' occurred in
system.data.dll

Additional information: An OleDbParameter with
ParameterName 'id' is not contained by this
OleDbParameterCollection.


WHY

You did not add a parameter "ID" to the Parameters collection.
 
H

Herfried K. Wagner [MVP]

* "salih ataoz said:
con.Open()

cmdSelect.CommandType = CommandType.StoredProcedure

cmdSelect.CommandText = "select * from USERS where id=
[@id]"

Add the paraneter ti the 'Parameters' collection here!
cmdSelect.Parameters("id").Value = 1 [...]
WHEN I RUN THE PROJECT THERE IS AN ERROR

An unhandled exception of
type 'System.IndexOutOfRangeException' occurred in
system.data.dll

Additional information: An OleDbParameter with
ParameterName 'id' is not contained by this
OleDbParameterCollection.
 
J

JiangZemin

hi,
i dont know exactly how your form is going to accept input,
but it looks like youre setting yourself up for a sql injection hack,
search google for "sql injection"

HTH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top