Ok what I am doing wrong here.
“SELECT * FROM People where Lastname = + ‘"SearchLastNameTextField.text’”
Trying to write a search feature but not searching
Ok what I am doing wrong here.
“SELECT * FROM People where Lastname = + ‘"SearchLastNameTextField.text’”
Trying to write a search feature but not searching
"SELECT * FROM People where Lastname ='" + SearchLastNameTextField.text + "'"
and maybe even better:
"SELECT * FROM People where Lastname LIKE '%" + SearchLastNameTextField.text + "%'"
Plus, you should always perform queries from user input, in form of PreparedStatements. For security reasons.
First, the pluses are in the wrong places:
"SELECT * FROM People where Lastname = '" + SearchLastNameTextField.text + "'"
Second, you should absolutely not be doing it that way. If someone enters Jones' ; DROP TABLE People ; SELECT 'Whoopsie
into the search box, you are going to be very sorry as your SQL statement will now read:
SELECT * FROM People where Lastname = 'Jones' ; DROP TABLE People ; SELECT 'Whoopsie'
Use a PreparedSQLStatement instead.
I think it must be:
“SELECT * FROM People where Lastname = '” + SearchLastNameTextField.text + “’”
[edit]
Hahaha, that was quick!
3 answers within 10 seconds.
[/edit]