Tech Off Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Simple Question ASP.NET mvc3 (Razor)

Back to Forum: Tech Off
  • User profile image
    Cybermagell​an

    At night I'm working in MySQL and days now my job is to convert Access to SQL Server and build some webapps around them, so please forgive me for the simpleness of this.

    I have a connection to a remote server that has a table with some data (all imported). However the column names have spaces in them. So when I perform my query...

    @For Each row in db.Query(QueryString)

    Next

    I'm trying to create a row in a table using @:<tr><td>@row.x</td></tr>, however it's failing when x has a space in it. Additionally I tried @row.[x] and it still fails. Any ideas? Or a article/page that can point me in the right direction?

    Thanks.

  • User profile image
    DCMonkey

    DynamicRecord class

    @row["x"] ?

    Or maybe use some of those DynamicRecord methods/properties to see what property names the WebMatrix data framework is converting those column names to?

  • User profile image
    Cybermagell​an

    Well, I took the better option of removing the spaces (Apparently I have more control over the data then I previously had thought). However I'm having an issue trying to parameterize the data...

    @CODE
          Dim qfilter = Request.Form("qfilter").ToString
          Dim q = Request.Form("q").ToString
          Dim db = Database.Open("myConnectionString")
          Dim selectQuery = "SELECT * FROM table_name WHERE @0 = @1"
          For Each row in db.Query(selectQuery,qfilter,q)
              'Code to show results
          Next
    END CODE

    However I'm not getting any results back....when I output the variables I'm getting the @0 and @1 the way they should be (Payroll and 7748 respectively), however inside the page nothing else is happening.

    Ideas?

  • User profile image
    DCMonkey

    I don't think you can use parameters as column names. You could just concatenate the column name into the query string, but I'd introduce a level of indirection between your "qfilter" form variable and the SQL query via a known safe set of column names to avoid SQL injection issues.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.