Dim con As SqlConnection
con = New SqlConnection("server=chinna; uid=sa; pwd=136018@h; database=icms")
con.Open()
Dim cmd As SqlCommand
You need to use parameters in your query:
cmd = New SqlCommand("select pass from personal where idno=@param", con)
' The textbox value is sent as a parameter value, not as part of the SQL text.
cmd.Parameters.AddWithValue("@param", TextBox1.Text)
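The same lookup as a complete function, as an added example that is not code from the original post: it disposes the connection and command with `Using`, binds the parameter with an explicit type, and handles the no-row and NULL cases. The names `PasswordLookup`, `GetPass` and the `ICMS_CONNECTION` environment variable are hypothetical, and the `nvarchar(50)` type for `idno` is an assumption about the schema.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module PasswordLookup
    ' Returns personal.pass for the given idno, or Nothing when no row matches
    ' or the column is NULL. The connection string is supplied by the caller.
    Function GetPass(connectionString As String, idno As String) As String
        Const sql As String = "select pass from personal where idno=@param"

        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, con)
                ' Assumption: idno is an nvarchar(50) column; adjust SqlDbType and
                ' size to the real schema. Declaring the type avoids the type
                ' inference that AddWithValue performs on the .NET value.
                cmd.Parameters.Add("@param", SqlDbType.NVarChar, 50).Value = idno

                con.Open()
                Dim result As Object = cmd.ExecuteScalar()

                ' ExecuteScalar returns Nothing when there is no row and
                ' DBNull.Value when the selected column is NULL.
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(result)
            End Using
        End Using
    End Function

    Sub Main()
        ' Hypothetical environment variable holding the connection string.
        Dim cs As String = Environment.GetEnvironmentVariable("ICMS_CONNECTION")
        If String.IsNullOrEmpty(cs) Then
            Console.WriteLine("Set ICMS_CONNECTION to a SQL Server connection string.")
            Return
        End If

        ' Constructed input containing a quote: it is bound as data, so the
        ' statement text sent to the server never changes.
        Dim pass As String = GetPass(cs, "O'Brien-17")
        Console.WriteLine(If(pass Is Nothing, "no match", "match found"))
    End Sub
End Module
```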