Hello,
I have the code below to look up a user name. I am trying to use parameters to strengthen against SQL injections. When I run the code below, I get the error: ERROR [42S22] [IBM][System i Access ODBC Driver][DB2 for i5/OS]SQL0206 - Column or global variable @INUSR not found. This happens on the command.executereader line.
Any help as to what I am doing wrong would greatly be appreciated.
Thank you in advance.
dim inName as string = "Roland"
Dim querystring As String = "SELECT * FROM dbfile WHERE usertype = @inUSR"
Using connection As New OdbcConnection(ConfigurationManager.ConnectionStrings("myConnection").ConnectionString)
Dim command As New OdbcCommand(querystring, connection)
command.Parameters.Add("@inUSR", System.Data.SqlDbType.Text).Value = Trim(inName)
connection.Open()
command.ExecuteReader()
reader.Read()
Session("access") = reader("usracc")
End Using