1

I'm going on a first try with DB query and having a rough time with it.

What I want to do is search a keyword on the TAG col, and find value on PATH col which is on the same row.

When I query select * from scanpath where TAG = 'test';

I was expecting to see entire column value that has same rownum with 'test'

But nothing comes out.

So I queried "select * from scanpath where rownum = 1;".

This query gave me first value of TAG col, but no PATH value came out.

'name' is searched value;

cmdinter.CommandText = String.Format("SELECT * FROM SCANPATH WHERE TAG_STRING = \'{0}\'", name);

OracleDataReader odrinter = cmdinter.ExecuteReader();

while (odrinter.Read())
{
         string path = odrinter["PATH_STRING"].ToString();
         MessageBox.Show("|" + path + "|");
         item = new ListViewItem(name + "|" + path);
         item.Tag = path;
         File_listView.Items.Add(item);
}

I expect to have path_string value that has same rownum with the searched tag_string value.

Gauravsa
  • 6,330
  • 2
  • 21
  • 30
KimMeo
  • 320
  • 1
  • 10
  • Your query is an sql injection attack waiting to happen [What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) – TheGeneral Jan 16 '19 at 04:09
  • yeah, my code may be very vulnernable , but my job is to make this code work, and this service is running on private network. need help on the query to work first... – KimMeo Jan 16 '19 at 04:23
  • It may help to show a little more information, for example the table definition of `SCANPATH` - its not really that clear what you are trying to achieve. – Dominic Cotton Feb 01 '19 at 12:28

0 Answers0