Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user control where user can select field name,
operator (equals, like, begins with, etc) and value of the search criteria.
This control can already build where clause part. Now I am at the point,
where I need to execute SQL query, but I would really like to be able to use
stored procedures.
As far as I know, I have 2 options: (1) Pass in “where clause” string to SP
(2) Execute SQL Query inside ASP.NET
Are there any other options? If anyone ever had to implement something
similar, I want to hear your comments. Thanks
5  2492 
Hi,
"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:02**********************************@microsof t.com... Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user control where user can select field
name,
operator (equals, like, begins with, etc) and value of the search
criteria.
This control can already build where clause part. Now I am at the point,
where I need to execute SQL query, but I would really like to be able to
use
stored procedures.
You cannot use a SP for this, the query will change all the time therefore
the engine cannot precalculate the execution path of it. you will have to
submit it as CommandType = Text
One warning I give you is taht you have to be careful with SQL injection,
the query can be injected both in the select as well as in the where clauses
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
Sure you can. stored procedures can dynamically execute sql via a number of
functions, include exec and sp_execute.You do lose out on some of the sproc
benefits though (such as cached execution plans)
I'm not sure which I'd use...the difference between the two at the point you
are at is pretty minimal...
Here's an *must read* guide for anyone writing dynamic sql :) http://www.sommarskog.se/dynamic_sql.html
Karl
-- http://www.openmymind.net/ http://www.fuelindustries.com/
"Ignacio Machin ( .NET/ C# MVP )" <ignacio.machin AT dot.state.fl.us> wrote
in message news:uI**************@tk2msftngp13.phx.gbl... Hi,
"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:02**********************************@microsof t.com... Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user control where user can select field
name,
operator (equals, like, begins with, etc) and value of the search
criteria.
This control can already build where clause part. Now I am at the point,
where I need to execute SQL query, but I would really like to be able to
use
stored procedures.
You cannot use a SP for this, the query will change all the time therefore
the engine cannot precalculate the execution path of it. you will have to
submit it as CommandType = Text
One warning I give you is taht you have to be careful with SQL injection,
the query can be injected both in the select as well as in the where
clauses
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
Check this article: http://www.sqlservercentral.com/colu...terproblem.asp
(which I wrote)
You're going to get some "dynamic sql is ok", but I don't like it. Please,
I know the arguments, and don't need another round of it. (or others
reading).
You can use your select screen to create the Xml, which gets passed into the
procedure.
...
If you're using Access. then you have no choice, but to build the SQL.
If you're using Oracle, the last time I used Oracle 9, it was very very
cumbersome to use their XML model.
...
"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:02**********************************@microsof t.com... Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user control where user can select field
name, operator (equals, like, begins with, etc) and value of the search
criteria. This control can already build where clause part. Now I am at the point,
where I need to execute SQL query, but I would really like to be able to
use stored procedures.
As far as I know, I have 2 options: (1) Pass in "where clause" string to
SP (2) Execute SQL Query inside ASP.NET
Are there any other options? If anyone ever had to implement something
similar, I want to hear your comments. Thanks
You can definitely create dynamic SQL in an SPROC. And I don't beleive you
do suffer from the caching issue (an urban myth these days as SQL no longer
"precompiles" procs, but instead stores execution plans for all queries).
Here is a working example.
create proc RepMetaStateBookList
@year char(5),
@range varchar(10)
as
declare @sql varchar(2000)
set @sql = '
select top 100
Author,
Title,
count(*) Lists
from list l
join list_detail d on l.listID = d.listID
join book b on d.bookID = b.bookID
join author a on b.authorID = a.authorID
where ( list_name like ''%:%' + @year + '%'' )
and left(list_name, 2) in (select code from arlist_dev..state)
' +
case
when @range = 'PK-2' then ' and cast(level_atos as float) <= 2.9 '
when @range = '3-5' then ' and cast(level_atos as float) between 3.0 and
5.9 '
when @range = '6-8' then ' and cast(level_atos as float) between 6.0 and
8.9 '
when @range = '9-12' then ' and cast(level_atos as float) >= 9.0 '
when @range = 'ALL' then ''
end
+ '
group by author, title
having count(*) > 1
order by count(*) desc, author, title '
exec ( @sql )
"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:02**********************************@microsof t.com... Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user control where user can select field
name,
operator (equals, like, begins with, etc) and value of the search
criteria.
This control can already build where clause part. Now I am at the point,
where I need to execute SQL query, but I would really like to be able to
use
stored procedures.
As far as I know, I have 2 options: (1) Pass in "where clause" string to
SP
(2) Execute SQL Query inside ASP.NET
Are there any other options? If anyone ever had to implement something
similar, I want to hear your comments. Thanks
Hi,
"Karl Seguin [MVP]" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME
net> wrote in message news:%2****************@TK2MSFTNGP14.phx.gbl... Sure you can. stored procedures can dynamically execute sql via a number
of functions, include exec and sp_execute.You do lose out on some of the
sproc benefits though (such as cached execution plans)
IMO it would be the same, just adding another layer ( has to invoke the
SP ).
I'm not sure which I'd use...the difference between the two at the point
you are at is pretty minimal...
Here's an *must read* guide for anyone writing dynamic sql :)
http://www.sommarskog.se/dynamic_sql.html
Very good article, thanks for the link
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: alanstew |
last post by:
With the body tag calling out 'window onload', a function with a
'window.open' fails at the 'window.open' line. If I cut out the body
tag, the function executes as normal.
At first I thought it...
|
by: Matt Kruse |
last post by:
http://www.JavascriptToolbox.com/bestpractices/
I started writing this up as a guide for some people who were looking for
general tips on how to do things the 'right way' with Javascript. Their...
|
by: audleman |
last post by:
I'm attempting to build a query that involves a table called "All
Students".
The query is simply
sqlString = "SELECT * FROM All Students"
but I get "Syntax error in FROM clause" when I try...
|
by: Me, Myself, and I |
last post by:
First off, i apologize if my terminology is off...
I am currently in a project that is basically a front-end to a
database. In coding this, I am taking into account that it has the
*potential*...
|
by: WebMatrix |
last post by:
Hello,
I am developing ASP.NET 1.1 application against SQL Server 2000 db, where
users have ability to construct their own select criteria (for a where
clause). I already developed a user...
|
by: roger23 |
last post by:
I get this error
C:\Program
Files\MSBuild\Microsoft\WebDeployment\v8.0\Microsoft.WebDeployment.targets(526,9): error MSB6006: "aspnet_compiler.exe" exited with code 1.
at the end of my build...
|
by: Nathan Gilbert |
last post by:
I am wanting to use javascript to select between different *.css files
dependent on the user's browser. I am also wanting to generate the
html document containing this javascript dynamically using...
|
by: uncensored |
last post by:
Hi,
Sort of new with the whole treeview control and I was wondering is there a way to build a treeview menu using my SQL data I pull from a database instead of having to hard code it into the...
|
by: mowsen |
last post by:
Hello Group,
i'm using a little "ajax" loader script to dynamically load files into
different "div" tags on my main site. the code for this part looks
like:
function loader() {
var args =...
|
by: NeoAlchemy |
last post by:
I am starting to find more web pages that are using a query parameters
after the JavaScript file.
Example can be found at www.opensourcefood.com. Within the source
you'll see: <script...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| | |
