cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Business One SQL where clause

former_member597079
Explorer

on ‎11-23-2018 2:50 AM

0 Kudos

Dear All Experts/Gurus,

I am a newbie in the development of SBO. I would like to ask if what is the proper syntax or practice to be use,

for example i have a textbox or combobox and i will used it's value into my SQL Where clause.

            String ocGroupCodeSelectedItem;
            ocGroupCodeSelectedItem = cGroupCode.SelectedItem.ToString();
            Double oGroupCode;

            SAPbobsCOM.Recordset oRecD = default(SAPbobsCOM.Recordset);
            oRecD = oCompany.GetBusinessObject(SAPbobsCOM.BoObjectTypes.BoRecordset);
            String sSql11 = "SELECT GroupCode FROM OCRG WHERE GroupCode = ";


            oRecD.DoQuery(sSql11);

            oGroupCode = oRecD.Fields.Item("GroupCode").Value;
            MessageBox.Show(" " + oGroupCode);

Good Day!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Johan_H
Active Contributor
‎11-23-2018 7:19 AM

Hi Ryan,

Unfortunately the SDK's code base is quite old, and does not have proper parameter management. To pass the value in a textbox to the query, you will have to do so directly into the query. So something like this:

"SELECT GroupCode FROM OCRG WHERE GroupCode = '" + oGroupCode + "' "

You could try and write your own parameter validation method, to prevent sql injection.

Regards,

Johan

Show replies
Show replies
former_member597079
Explorer
‎11-23-2018 8:11 AM
0 Kudos

Thanks sir

Ask a Question