string color = Request.Form["color"];
string SQLquery = "select * from Animals where color='" + @color + "'";
con = new System.Data.SqlClient.SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["mycon"].ToString());
con.Open();
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(SQLquery, con);
cmd.CommandType = System.Data.CommandType.Text;
cmd.Parameters.Add(new System.Data.SqlClient.SqlParameter("@color", color));
System.Data.SqlClient.SqlDataReader rdr = null;
rdr = cmd.ExecuteReader();
while (rdr.Read())
{
school.Url = (string)rdr["Url"];
}
return school;
No comments:
Post a Comment