on 11-23-2018 2:50 AM
Dear All Experts/Gurus,
I am a newbie in the development of SBO. I would like to ask what the proper syntax or practice to use is.
For example, I have a textbox or combobox and I will use its value in my SQL WHERE clause.
String ocGroupCodeSelectedItem;
ocGroupCodeSelectedItem = cGroupCode.SelectedItem.ToString();
Double oGroupCode;
SAPbobsCOM.Recordset oRecD = default(SAPbobsCOM.Recordset);
oRecD = oCompany.GetBusinessObject(SAPbobsCOM.BoObjectTypes.BoRecordset);
String sSql11 = "SELECT GroupCode FROM OCRG WHERE GroupCode = ";
oRecD.DoQuery(sSql11);
oGroupCode = oRecD.Fields.Item("GroupCode").Value;
MessageBox.Show(" " + oGroupCode);
Good Day!
Hi Ryan,
Unfortunately the SDK's code base is quite old, and does not have proper parameter management. To pass the value in a textbox to the query, you will have to do so directly into the query. So something like this:
"SELECT GroupCode FROM OCRG WHERE GroupCode = '" + oGroupCode + "' "
You could try and write your own parameter validation method, to prevent SQL injection.
Regards,
Johan
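One way to write the validation method suggested in the reply above, as an added example that is not part of the original thread or of the SAP SDK. It assumes OCRG.GroupCode is a numeric column; `QueryInput`, `TryNumericLiteral`, `TryTextLiteral` and the sample inputs are hypothetical names and constructed values.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

static class QueryInput
{
    // Numeric key: accept plain ASCII digits only, then re-emit the parsed
    // number so no user-typed characters ever reach the SQL text.
    public static bool TryNumericLiteral(string raw, out string literal)
    {
        literal = null;
        int value;
        if (raw == null ||
            !int.TryParse(raw.Trim(), NumberStyles.None, CultureInfo.InvariantCulture, out value))
            return false;
        literal = value.ToString(CultureInfo.InvariantCulture);
        return true;
    }

    // Text key: allow-list of characters and a length limit (both assumed;
    // adjust to the column), then double any single quote as defence in depth.
    static readonly Regex SafeText = new Regex(@"\A[A-Za-z0-9 _\-]{1,20}\z");
    public static bool TryTextLiteral(string raw, out string literal)
    {
        literal = null;
        if (raw == null || !SafeText.IsMatch(raw)) return false;
        literal = "'" + raw.Replace("'", "''") + "'";
        return true;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed inputs standing in for cGroupCode.SelectedItem.ToString().
        string[] samples = { "100", " 102 ", "100 OR 1=1", "1' OR '1'='1", "", "-5" };
        foreach (string raw in samples)
        {
            string lit;
            if (QueryInput.TryNumericLiteral(raw, out lit))
                // In the add-on this string would be passed to oRecD.DoQuery(...).
                Console.WriteLine("OK       SELECT GroupCode FROM OCRG WHERE GroupCode = " + lit);
            else
                Console.WriteLine("REJECTED [" + raw + "]");
        }
        string text;
        Console.WriteLine(QueryInput.TryTextLiteral("Large Accounts", out text) ? text : "REJECTED");
    }
}
```

Rejecting input outright, rather than trying to clean it, keeps the query text limited to values the validator itself produced.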