At night I'm working in MySQL and days now my job is to convert Access to SQL Server and build some webapps around them, so please forgive me for the simpleness of this.
I have a connection to a remote server that has a table with some data (all imported). However the column names have spaces in them. So when I perform my query...
@For Each row in db.Query(QueryString)
I'm trying to create a row in a table using @:<tr><td>@row.x</td></tr>, however it's failing when x has a space in it. Additionally I tried @row.[x] and it still fails. Any ideas? Or a article/page that can point me in the right direction?
Or maybe use some of those DynamicRecord methods/properties to see what property names the WebMatrix data framework is converting those column names to?
Well, I took the better option of removing the spaces (Apparently I have more control over the data then I previously had thought). However I'm having an issue trying to parameterize the data...
Dim qfilter = Request.Form("qfilter").ToString
Dim q = Request.Form("q").ToString
Dim db = Database.Open("myConnectionString")
Dim selectQuery = "SELECT * FROM table_name WHERE @0 = @1"
For Each row in db.Query(selectQuery,qfilter,q)
'Code to show results
However I'm not getting any results back....when I output the variables I'm getting the @0 and @1 the way they should be (Payroll and 7748 respectively), however inside the page nothing else is happening.
I don't think you can use parameters as column names. You could just concatenate the column name into the query string, but I'd introduce a level of indirection between your "qfilter" form variable and the SQL query via a known safe set of column names to avoid SQL injection issues.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.