Home/ Questions/Q 650985
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T22:06:47+00:00

Using SQL Server 2005 and VB.Net Table1 ID Name Dept 001 Raja IT 002

  • 0

Using SQL Server 2005 and VB.Net

Table1

ID Name Dept

001 Raja IT
002 Ravi CSE
003 Suns IT

Stored Procedure

Create Procedure Selecttable1 As Select ID, Name, Dept from table1

I want to execute the stored procedure with condition like

cmd = new sqlcommand("Exec SelectTable1 where id like  '" & idsearch.Text & "%' ", dbcon)
cmd.ExecuteNonQuery

idsearch.Text – Textbox Input value

When I try to run the above query it was showing error.

How to execute a stored procedure with conditions?

Need Query Help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You seem to be looking for running a stored procedure with parameters.

    For this both the stored procedure needs to be created with parameters, and the code calling it should pass those in.

    Stored Procedure:

    Create Procedure Selecttable1 
   @inID INT
As Select ID, Name, Dept from table1
WHERE ID = @inID

    Code:

    cmd = new SqlCommand("SelectTable1", dbcon)
cmd.Parameters.Add(new SqlParameter("@inID", idsearch.Text))

    Do not use a construct like in your example ("Exec SelectTable1 where id like '" & idsearch.Text & "%' "), as this is an open SQL Injection vulnerability.

    You should use parameters, as described above in order to avoid this.

    • 0