ORDER BY and error message is incorrect syntax. I have two code lines for order by .. first code lines work but second code lines don't work.

hello friends

My first code lines are below, but they don't work and the error message is "incorrect syntax near the order". What should I do? I have sqldatasource1 and gridview1 for my first code lines, and the chosen datasource of gridview1 is sqldatasource1. It works when I delete order; it just works for

"Select * from product where name= '" & Request("TextBox1") & "' and name1= '" & Request("TextBox2") & "' and name2= '" & Request("TextBox3") & "'"

order = "ORDER BY datetime" ' or I have tried price or name instead of datetime

yeni1 = yeni1 + order

SqlDataSource1.SelectCommand = yeni1 ' Finishing first code lines

 

My second code lines are below, and they work. The chosen datasource of gridview1 is none.

Dim cn As New SqlConnection(ConfigurationManager.ConnectionStrings("NORTHWNDConnectionString").ToString)
cn.Open()

Dim yeni, yeni1, yeni2, order As String
yeni = "and CategoryID='" & TextBox2.Text & "'"
yeni1 = "Select * from products where SupplierID= '" & TextBox1.Text & "'"
order = "order by ProductName DESC"
yeni2 = yeni1 + yeni + order

Dim Sql As String = yeni2
Dim da As New SqlDataAdapter(Sql, cn)
Dim dt As New Data.DataTable
da.Fill(dt)

GridView2.DataSource = dt
GridView2.DataBind()
cn.Close()


Mark as me if my question or my answer can be helpful for you :)
0
oguzkaygun
6/12/2008 3:52:22 PM

There must be a space before "order" in "order by".

And you really must fix your SQL queries. Your database is at risk. Look up the term "SQL injection".
 


-- "Mark As Answer" if my reply helped you --
0
gunteman
6/12/2008 3:59:01 PM

You need to have a space before "order". Your query will generate a SQL statement like this:

Select * from product where name= 'abc' and name1 = 'xyz' and name2 ='dhl'order by ....

You need to put a white space before the "order by" keyword.


Muhammad M. Mosa Soliman
Software Engineer
0
mosessaur
6/12/2008 4:00:29 PM

hi

I have tried a space

" order by name" there is a space before order :)

Besides, I have tried this; it is below, but it doesn't work

space=" "

yeni2= yeni1+space+yeni2

sqldatasource1=yeni2


Mark as me if my question or my answer can be helpful for you :)
0
oguzkaygun
6/12/2008 4:06:45 PM

Well, then check what you have in yeni2 when it's ready. Clearly you are still missing some spaces. But your very dangerous SQL queries are worse. If you don't fix them, anyone with access to the page will be able to delete your entire database.


-- "Mark As Answer" if my reply helped you --
0
gunteman
6/12/2008 4:33:07 PM

hi

thank you for your answer :)

I just saw ORDER BY name when I used textbox1.text to display what yeni2 has, so I have solved this problem.

If anybody enters DELETE * from table1 into textbox1, will the records of my table1 be deleted? Could you give me advice or the web site address of an article?

cheers


Mark as me if my question or my answer can be helpful for you :)
0
oguzkaygun
6/12/2008 5:06:43 PM

 

oguzkaygun:

if anybody enter DELETE * from table1 to textbox1, will records of my table1 be deleted ?

No, but if they enter

';DELETE FROM table1--

Since then the query becomes

 

Select * from products where SupplierID= '';DELETE FROM table1--' ORDER BY etc....
 

-- "Mark As Answer" if my reply helped you --
0
gunteman
6/12/2008 8:01:25 PM
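
The fix both replies point to, as an added example that is not part of the original thread: the second code block rewritten so the text box values travel as parameters and the ORDER BY column comes from a fixed allow-list. It assumes SupplierID and CategoryID are integer columns, as in the Northwind sample database; the module name, function names and sort keys are hypothetical.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

Public Module ProductQueries   ' hypothetical helper module, not from the thread

    ' ORDER BY takes a column name, and identifiers cannot be sent as
    ' parameters, so user input only selects one of these fixed strings.
    ' The leading space keeps the clause from fusing with the WHERE clause.
    Public Function BuildOrderBy(ByVal sortKey As String, ByVal descending As Boolean) As String
        Dim column As String
        Select Case If(sortKey, "").ToLowerInvariant()
            Case "supplier"
                column = "SupplierID"
            Case "category"
                column = "CategoryID"
            Case Else
                column = "ProductName"   ' default, also used for unknown keys
        End Select
        Return " ORDER BY " & column & If(descending, " DESC", " ASC")
    End Function

    Public Function GetProducts(ByVal supplierText As String, ByVal categoryText As String, _
                                ByVal sortKey As String, ByVal descending As Boolean) As DataTable
        ' Reject anything that is not a whole number before it reaches the database.
        Dim supplierId, categoryId As Integer
        If Not Integer.TryParse(supplierText, supplierId) OrElse _
           Not Integer.TryParse(categoryText, categoryId) Then
            Throw New ArgumentException("SupplierID and CategoryID must be whole numbers.")
        End If

        ' The statement text is fixed; only the parameter values vary per request.
        Dim sql As String = "SELECT * FROM products" & _
                            " WHERE SupplierID = @supplierId AND CategoryID = @categoryId" & _
                            BuildOrderBy(sortKey, descending)

        Dim dt As New DataTable()
        Dim cs As String = ConfigurationManager.ConnectionStrings("NORTHWNDConnectionString").ConnectionString
        Using cn As New SqlConnection(cs)
            Using cmd As New SqlCommand(sql, cn)
                ' Values are sent separately from the SQL text, so a quote or
                ' semicolon in the input can never end the statement.
                cmd.Parameters.Add("@supplierId", SqlDbType.Int).Value = supplierId
                cmd.Parameters.Add("@categoryId", SqlDbType.Int).Value = categoryId
                Using da As New SqlDataAdapter(cmd)
                    da.Fill(dt)   ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return dt
    End Function

    ' Usage in the page's code-behind:
    '   GridView2.DataSource = GetProducts(TextBox1.Text, TextBox2.Text, "name", True)
    '   GridView2.DataBind()
End Module
```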

oguzkaygun:
could you give me advice or web site address of article?
 

http://forums.asp.net/p/777624/777624.aspx


-- "Mark As Answer" if my reply helped you --
0
gunteman
6/12/2008 8:03:12 PM