Develop Reference

ExecuteReader, Make field variable

I want to make the Data Field a variable I wrote the code as follows. The SQL works but when I try to get the returned value it returns +StrVariable+ if I remove the + then it returns Strvariable literally.
Private Function FUNCTStrSN(StrVariable As String, StrSN As String) As String
Dim sqlConn As SqlConnection
Dim sqlComm As SqlCommand
Dim r As SqlDataReader
Dim sqlstring As String
sqlstring = "Select " + StrVariable + " FROM HistorySNUnit WHERE SN='" + StrSN + "'"
sqlConn = New SqlConnection(DBConnection) : sqlConn.Open() : sqlComm = New SqlCommand(sqlstring, sqlConn) : r = sqlComm.ExecuteReader()
While r.Read()
Dim DBSN As String = CStr(r("StrVariable"))
StrSN = DBSN
End While : r.Close() : sqlConn.Close()
FUNCTStrSN = StrSN
End Function
How do I retrieve the value correctly? Thank you!

Try creating the SQL Command with parameters
Private Function FUNCTStrSN(StrVariable As String, StrSN As String) As String
Dim sqlConn As SqlConnection
Dim sqlComm As SqlCommand
Dim r As SqlDataReader
Dim sqlstring As String
sqlstring = "Select #variable FROM HistorySNUnit WHERE SN=#value"
sqlConn = New SqlConnection(DBConnection) : sqlConn.Open() : sqlComm = New SqlCommand(sqlstring, sqlConn)
sqlComm.Parameters.AddWithValue("#variable", StrVariable)
sqlComm.Parameters.AddWithValue("#value", StrSN)
r = sqlComm.ExecuteReader()
While r.Read()
Dim DBSN As String = CStr(r(StrVariable))
StrSN = DBSN
End While : r.Close() : sqlConn.Close()
FUNCTStrSN = StrSN
End Function

ASP.NET: How to passing multiple QueryString to Gridview as the Parameters

I have a Link contains QueryString like this
http://localhost:11502/Default.aspx?query=123,456
the Question is, how i get the queryof 123,456, etcto passing it to Gridview as the Parameters?
I've do this below but only the first Parameter shown the Data
Dim xSplit As String = Me.Request.QueryString("query").ToString
Dim newtstString = xSplit.Split(",")
For a As Integer = 0 To newtstString.Length
Dim constr As String = Me.STRCONN_STRING.ToString
Using con As New SqlConnection(constr)
Using cmd As New SqlCommand(query)
Using sda As New SqlDataAdapter()
cmd.Connection = con
sda.SelectCommand = cmd
cmd.Parameters.Add("#param", SqlDbType.VarChar).Value = newtstString(a)
Using dt As New DataTable()
sda.Fill(dt)
Me.Gridview1.DataSource = dt
Me.Gridview1.DataBind()
End Using
End Using
End Using
End Using
Next

Data table + session = Shopping cart

GM everybody
i'm finding some issues in the implementation of my shopping cart
The query works but it doesn't store information in session.
Will i fix the query or the problem is the session ?
Here the code :
Dim constr As String = ConfigurationManager.ConnectionStrings("!aCommerce-ConnectionString!").ConnectionString
' Query SQL
Using cmd As New SqlCommand("SELECT Id,NomeProdotto, PrezzoProdotto, Quantità FROM aProdotti WHERE ID='" + Request.QueryString("ID").ToString + "' OR ID='" + Request.QueryString("ID").ToString + "'")
Using sda As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
Session("dt") = dt
sda.Fill(dt)
GridView1.DataSource = dt
GridView1.DataBind()
End Using
End Using
End Using

change you code to below
Dim constr As String = ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString
Dim con As New SqlConnection()
con.ConnectionString = constr
con.Open()
' Query SQL
Using cmd As New SqlCommand("SELECT Id,PromoCode as NomeProdotto,PromoCodeMessage as PrezzoProdotto, PromoCodeLimit as Quantità FROM EventPromocodetbl WHERE ID=" & Request.QueryString("ID").ToString & "", con)
Using sda As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
sda.Fill(dt)
Dim SessionDt As New DataTable()
SessionDt = Session("dt")
If Not SessionDt Is Nothing Then
If (dt.Rows.Count > 0) Then
Dim dr As DataRow
dr = SessionDt.NewRow()
dr("Id") = dt.Rows(0)("Id").ToString()
dr("NomeProdotto") = dt.Rows(0)("NomeProdotto").ToString
dr("PrezzoProdotto") = dt.Rows(0)("PrezzoProdotto").ToString
dr("Quantità") = dt.Rows(0)("Quantità").ToString
SessionDt.Rows.Add(dr)
End If
Session("dt") = SessionDt
GridView1.DataSource = SessionDt
GridView1.DataBind()
Else
Session("dt") = dt
GridView1.DataSource = dt
GridView1.DataBind()
End If
End Using
End Using
Problem is you are assigning blank DatatTable to session and then you are filling that DataTable using DataAdapter fill method that is issue.

What's wrong with my Count Query asp.net

Public state_name as String
state_name = Textbox1.Text
Dim constr As String = ConfigurationManager.ConnectionStrings("ApplicationServices").ConnectionString
Dim query As String = "SELECT Count(cities) FROM state_table WHERE state_name=" & state_name
Using conn As New SqlConnection(constr)
Using comm As New SqlCommand()
conn.Open()
With comm
.Connection = conn
.CommandText = query
.CommandType = CommandType.Text
End With
Dim count As Int16 = Convert.ToInt16(comm.ExecuteScalar())
Label1.Text = count
End Using
End Using
The code shows an error
Invalid column name 'California'.
But California is already present in my State table, I want to count all the cities comes under state_name= california which I have entered in my State table.
I want the output as
California (3)

You want to use Parameterized Query to avoid SQL Injection.
Dim constr As String = ConfigurationManager.ConnectionStrings("ApplicationServices").ConnectionString
Dim query As String = "SELECT Count(cities) FROM state_table WHERE state_name=#State_Name"
Using conn As New SqlConnection(constr)
Using comm As New SqlCommand()
conn.Open()
With comm
.Connection = conn
.CommandText = query
.CommandType = CommandType.Text
.Parameters.AddWithValue("#State_Name", state_name)
End With
Dim count As Int16 = Convert.ToInt16(comm.ExecuteScalar())
Label1.Text = count
End Using
End Using

Because you didn't surround your variable with quotes. "state_name = '" + state_name + "'"
But, you should use a parameter instead.

How can I use multiple Stored procedures on 1 Sub

I write a code to retrieve to show data from Stored Procedure with ASP.NET like this
Private Sub AutoNumberVerification()
Dim Conn As New SqlConnection(strConn.ToString)
Dim cmd As New SqlCommand()
Try
cmd.Connection = Conn
cmd.CommandType = CommandType.StoredProcedure
Conn.Open()
If (txtProducerID.Text.Trim.Length = 9) Then
cmd.CommandText = "spProductCount"
cmd.Parameters.AddWithValue("#ID", txtProducerID.Text)
End If
Dim da As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
da.Fill(dt)
Dim dr As SqlDataReader = cmd.ExecuteReader()
dt.Load(dr)
If (convertInteger(dt.Rows(0)("estbProducerID").ToString) > 0) Then
cmd.CommandText = "spProductCount"
rdoEstbProducerList.Items.FindByValue(convertInteger(dt.Rows(0)("estbProducerID"))).Selected = True
End If
cmd.CommandText = "spProductCount"
TextBox11.Text = dt.Rows(0)("ALL").ToString
TextBox4.Text = dt.Rows(0)("FOOD").ToString
TextBox5.Text = dt.Rows(0)("DRINKS").ToString
TextBox6.Text = dt.Rows(0)("TAILOR").ToString
TextBox7.Text = dt.Rows(0)("USABLE").ToString
TextBox8.Text = dt.Rows(0)("HERB").ToString
cmd.CommandText = "spProductproveCounts"
TextBox12.Text = dt.Rows(0)("REGISTERED").ToString
Catch ex As Exception
Response.Write("ERROR Load: " & ex.Message)
Finally
Conn.Close()
End Try
End Sub
but it show an error = "REGISTERED" is not belong to the table
how can I use two stored procedures?

Just setting the cmd.CommandText to a stored procedure name will not execute it. You still need to call ExecuteReader after each change to the CommandText