0

I have the following code in my code behind:

Dim name As String
name.text= Staff.LoadName(StaffID)

The following query in my Class:

Public Function LoadName(ByVal ID As String)
    Dim ds As New DataSet
    Dim SQL As String = ""
    SQL="select name from Staff where StaffID='" & ID & "' " 
    ds = Common.QueryDataByDataset(SQL)
    ds.Tostring()
    Return ds
End Function

But the name.Text doesn't show the value. How to I get the single value and convert it to string to display? Thanks

Improve this question
2
  • Try SQL="select name from Staff where StaffID=" & ID Commented Sep 9, 2013 at 4:52
  • Beware the SQL injection vulnerability of this code - use parameters rather than string concatenation to create queries. Commented Mar 27, 2019 at 6:24

1 Answer 1

Reset to default
2

I am guessing the Common.QueryDataByDataset is from your library or some third party. Assuming it is executing the query and populating the dataset, you should be able to change the last two lines of the LoadName function to this:

String name = ds.Tables.Item("Staff").Rows(0)("name").ToString()
return name

You should add error handling in this method. For example, check to make sure the query returns exactly one result. Also, this method appears to be susceptible to SQL injection: http://en.wikipedia.org/wiki/SQL_injection

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If I have join with other table, what should I put into Item("")?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.