Thanks for your detailed response! Is this what you mean I should do?
Sub Submit_Search(ByVal obj As System.Object, ByVal e As
System.EventArgs) Handles btn_submit.Click
'This function gets the part number entered by the user and finds it
in the database, and returns the data for this part number.
'Disable the current display
Label2.Visible = "false"
Table2.Visible = "false"
Label1.Visible = "true"
'Link to database
Using myConnection As New MySqlConnection("server=localhost; user
id=myuser; database=database1; pooling=false;")
myConnection.Open()
'Find the matching part number
Dim strSearch
strSearch = "SELECT part_no, cust_part_no, customer FROM table1
WHERE part_no=" & "search_part_no.Text"
Using sqlComm_search As New MySqlCommand(strSearch,
myConnection)
Using sqlRead As MySqlDataReader =
sqlComm_search.ExecuteReader()
'sqlRead.Read()
'Display the row of data
End Using
End Using
myConnection.Close
End Using
End Sub
But with the above, i get the following error:
Exception Details: MySql.Data.MySqlClient.MySqlException: Unknown
column 'search_part_no.Text' in 'where clause'
And if I remove the quotes around search_part_no.Text, I still get
this error like last time:
Exception Details: MySql.Data.MySqlClient.MySqlException: You have
an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '' at line 1
I have a look into parameterized statements and stored procedures now.
Thanks!
Helvin
