Hi all!
I am not very proud to ask this but here is my problem:
string code = "\'13\'"
The string code will have to contain following info:
'51','52','63','other'...
to get certain info from the database. When the querry is parsed these
values will be looked up:
....
compCode in (@code)
....
Can someone tell me why these values are not found in the DB? I figured
out that maybe he puts his own quotes so I tried the following:
"51" -->works (but only for one value?)
" \' 51\' " --does not work
"'51'" --does not work
Does anyone have some ideas how I can look up the right values? THX!
DateTime startDate = new DateTime(2006,12,14,0,0,0);
DateTime endDate = new DateTime(2006,12,15,23,59,59);
string campaignCode = "O850";
string code = "\'13\'"; //,\'51\'
string language = "NL";
string startdate = Convert.ToString(startDate.Year + "-" +
startDate.Month + "-" + startDate.Day);
string enddate = Convert.ToString(endDate.Year + "-" +
endDate.Month + "-" + endDate.Day);
// define connection
sqlConn = new SqlConnection(CONNECTION);
// define query
sqlQuery = "select count(*) as Aantal, sum(talktime) as TalkTime, "
+ "sum(updatetime) as UpdateTime, sum(talktime + updatetime) as
HandleTime "
+ "from [REPORTSERVERRPT].dbo.SOMETHING"
+ "where calldate @startdate and"
+ " calldate < @enddate and "
+ "compCode in (@code) and "
+ "sleutel in ("
+ "select up.sleutel "
+ "from [REPORTSERVER-RPT].dbo.TEST as up "
+ "where up.CampaignName = @campaign and "
+ "up.lang = @language)";
11  1845 
"Elmo" <bv***@concentra.bewrote in message
news:11**********************@n67g2000cwd.googlegr oups.com...
Does anyone have some ideas how I can look up the right values? THX!
SELECT * FROM Table WHERE Field IN ('51','52','63')
That is absolutly not the problem (but thx though ;-))
Maybe following output from sql profiler will help you guys :
Values of my parameters:
INPUT IS :
string code = "13" + "'" + "," +"'" + " 51";
OUPUT IS :
@startDate = '2006-12-14', @endDate = '2006-12-15', @campaign = 'O850',
@language = 'NL', @code = '13'','' 51'
So without asking he puts an extra quote in the string for each single
quote i use
Mark Rae schreef:
"Elmo" <bv***@concentra.bewrote in message
news:11**********************@n67g2000cwd.googlegr oups.com...
Does anyone have some ideas how I can look up the right values? THX!
SELECT * FROM Table WHERE Field IN ('51','52','63')
Ah! I see what you're trying to do. You're trying to do a macro
substitution. You can't do that.
The IN operator is expecting a number of comma delimited parameters (sort
of). You're passing one parameter to it, so it treats it as the first item
in the list - not as a list of many items. I haven't explained that too
well; but I hope you see what I'm getting at.
I'm afraid you'll just have to type in the individual values.
Of course, if you can retrieve the values from a table, you can do a
subselect inside the IN operator's brackets; which could save you some
typing, I suppose.
HTH
Peter
"Elmo" <bv***@concentra.bewrote in message
news:11**********************@n67g2000cwd.googlegr oups.com...
Hi all!
I am not very proud to ask this but here is my problem:
string code = "\'13\'"
The string code will have to contain following info:
'51','52','63','other'...
to get certain info from the database. When the querry is parsed these
values will be looked up:
...
compCode in (@code)
...
Can someone tell me why these values are not found in the DB? I figured
out that maybe he puts his own quotes so I tried the following:
"51" -->works (but only for one value?)
" \' 51\' " --does not work
"'51'" --does not work
Does anyone have some ideas how I can look up the right values? THX!
DateTime startDate = new DateTime(2006,12,14,0,0,0);
DateTime endDate = new DateTime(2006,12,15,23,59,59);
string campaignCode = "O850";
string code = "\'13\'"; //,\'51\'
string language = "NL";
string startdate = Convert.ToString(startDate.Year + "-" +
startDate.Month + "-" + startDate.Day);
string enddate = Convert.ToString(endDate.Year + "-" +
endDate.Month + "-" + endDate.Day);
// define connection
sqlConn = new SqlConnection(CONNECTION);
// define query
sqlQuery = "select count(*) as Aantal, sum(talktime) as TalkTime, "
+ "sum(updatetime) as UpdateTime, sum(talktime + updatetime) as
HandleTime "
+ "from [REPORTSERVERRPT].dbo.SOMETHING"
+ "where calldate @startdate and"
+ " calldate < @enddate and "
+ "compCode in (@code) and "
+ "sleutel in ("
+ "select up.sleutel "
+ "from [REPORTSERVER-RPT].dbo.TEST as up "
+ "where up.CampaignName = @campaign and "
+ "up.lang = @language)";
"Elmo" <bv***@concentra.bewrote in message
news:11**********************@80g2000cwy.googlegro ups.com...
So without asking he puts an extra quote in the string for each single
quote i use
Ah right - yes, that is standard ADO.NET behaviour for string parameters
because a single quote in T-SQL is the string variable delimter. When T-SQL
encounters a single quote, it interprets it as the beginning of a string
variable containing everything which follows until the next single quote is
reached. To get round the obvious problem of what to do with a string
variable need to contain a single quote, one single quote is converted into
two single quotes.
Peter,
Yup, you understand the problems I'm facing... I also thought of this
extra table you described, but after carefull consideration we
(programmers team) decided against that because these values will vary
(depending on the campaign).
Quote -
so it treats it as the first item
in the list - not as a list of many items. I haven't explained that too
well; but I hope you see what I'm getting at.
I'm afraid you'll just have to type in the individual values.
/Quote
Typing the individual values is the best option but I can't allow users
to change sql statements... and we explicitly decided AGAINST dynamic
SQL :(. I also considered parsing every code (51,60,...) individually
but that is not gonna work because null values can occur (not to
mention the performance issues).
"Elmo" <bv***@concentra.bewrote in message
news:11*********************@t46g2000cwa.googlegro ups.com...
Yup, you understand the problems I'm facing... I also thought of this
extra table you described, but after carefull consideration we
(programmers team) decided against that because these values will vary
(depending on the campaign).
Quote -
so it treats it as the first item
>in the list - not as a list of many items. I haven't explained that too
well; but I hope you see what I'm getting at.
I'm afraid you'll just have to type in the individual values.
/Quote
Typing the individual values is the best option but I can't allow users
to change sql statements... and we explicitly decided AGAINST dynamic
SQL :(. I also considered parsing every code (51,60,...) individually
but that is not gonna work because null values can occur (not to
mention the performance issues).
Apologies - I now understand your problem too...
You can get round the problem of creating dynamic SQL client-side, but
you'll have to use a stored procedure instead and create dynamic SQL in
that. Here's an example from AdventureWorks...
CREATE PROCEDURE Person.TestProc
@pstrCriteria varchar(100) = NULL
AS
DECLARE @strSQL nvarchar(4000)
SET @strSQL =
'
SELECT
*
FROM
Person.CountryRegion
WHERE
CountryRegionCode IN (' + REPLACE(@pstrCriteria, '¬', '''') + ')'
EXEC sp_executesql @strSQL
Then, run the following SQL:
Person.TestProc '¬AD¬,¬AE¬,¬AF¬'
The trick is to use a very uncommon character (¬, in this case) to pretend
to be the text delimiter...
I fully appreciate that this looks like a complete hacky kludge - and it
is! - but it works, it's extremely fast, it gets round the problem of
client-side SQL Injection, and I haven't found a neater way so far... :-)
''51'',''52'',''63'',''other''...
(doubled single quotes - Transact-SQL considers them escaped)
should work.
--
HTH,
Kevin Spencer
Microsoft MVP
Bit Player http://unclechutney.blogspot.com
Expect the unaccepted.
"Elmo" <bv***@concentra.bewrote in message
news:11**********************@n67g2000cwd.googlegr oups.com...
Hi all!
I am not very proud to ask this but here is my problem:
string code = "\'13\'"
The string code will have to contain following info:
'51','52','63','other'...
to get certain info from the database. When the querry is parsed these
values will be looked up:
...
compCode in (@code)
...
Can someone tell me why these values are not found in the DB? I figured
out that maybe he puts his own quotes so I tried the following:
"51" -->works (but only for one value?)
" \' 51\' " --does not work
"'51'" --does not work
Does anyone have some ideas how I can look up the right values? THX!
DateTime startDate = new DateTime(2006,12,14,0,0,0);
DateTime endDate = new DateTime(2006,12,15,23,59,59);
string campaignCode = "O850";
string code = "\'13\'"; //,\'51\'
string language = "NL";
string startdate = Convert.ToString(startDate.Year + "-" +
startDate.Month + "-" + startDate.Day);
string enddate = Convert.ToString(endDate.Year + "-" +
endDate.Month + "-" + endDate.Day);
// define connection
sqlConn = new SqlConnection(CONNECTION);
// define query
sqlQuery = "select count(*) as Aantal, sum(talktime) as TalkTime, "
+ "sum(updatetime) as UpdateTime, sum(talktime + updatetime) as
HandleTime "
+ "from [REPORTSERVERRPT].dbo.SOMETHING"
+ "where calldate @startdate and"
+ " calldate < @enddate and "
+ "compCode in (@code) and "
+ "sleutel in ("
+ "select up.sleutel "
+ "from [REPORTSERVER-RPT].dbo.TEST as up "
+ "where up.CampaignName = @campaign and "
+ "up.lang = @language)";
"Kevin Spencer" <sp**@uce.govwrote in message
news:u6**************@TK2MSFTNGP03.phx.gbl...
''51'',''52'',''63'',''other''...
(doubled single quotes - Transact-SQL considers them escaped)
should work.
Should, but shouldn't... at least, not in the context that the OP wishes to
use them...
"Mark Rae" <ma**@markNOSPAMrae.comwrote in message
news:uQ*************@TK2MSFTNGP02.phx.gbl...
Should, but shouldn't...
Sorry, I meant to say "Should, but doesn't..."
Try this...
SET @strCriteria = '51,52,63,other' --input string
--------------------------------
Procedure
if (Left(@strCriteria,1) <',')
set @strCriteria = ',' + @strCriteria
if (Right(@strCriteria,1 ) < ',')
set @strCriteria = @strCriteria + ','
SELECT
*
FROM
Person.CountryRegion
WHERE
charindex( ','+ CountryRegionCode + ',',@strCriteria) <0
EXEC sp_executesql @strSQL
Mark Rae wrote:
"Mark Rae" <ma**@markNOSPAMrae.comwrote in message
news:uQ*************@TK2MSFTNGP02.phx.gbl...
Should, but shouldn't...
Sorry, I meant to say "Should, but doesn't..."
<gi*********@gmail.comwrote in message
news:11*********************@l12g2000cwl.googlegro ups.com...
Try this...
I like it! Thanks very much. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Mosher |
last post by:
Hi all,
I have an issue with php and/or mysql. I have a php form that writes "items"
to a mysql database, including a description of the item. On the mysql
server, "magic_quotes_gpc" is ON.
I...
|
by: Drifter |
last post by:
The quote below is part of the information i want to save to a MS Access
database - or update, as the case may be.
The original database was built a long time ago, and looking at the code for...
|
by: Allan |
last post by:
Please help,
below is my problem. Let's say I have 2 tables, a Products table and a
Colors table that go as follow:
Table Products
prodID Name
1 shirt
2 tshirt
|
by: Joel |
last post by:
Hi,
I incorporated a function in my code that whenever I use a string variable
in an sql statement if the string contains a single quote it will encase it
in double quotes else single quotes.
...
|
by: Tim::.. |
last post by:
Can someone tell me how I convert this simple SQL statement so I can use it
in ASP.NET???
I have an issue with the quotation marks and wondered if there is a simple
rule for converting the sql...
|
by: abracad_1999 |
last post by:
I am trying to populate a table with the following insert query run
through phpmyadmin. When I attempt to run it phpmyadmin just freezes.
After a while "Fatal error: Maximum execution time of 300...
|
by: andy.z |
last post by:
I'm writing a PHP line to the foot of a file using another language. my
problem is I'm not sure how to write it so that the quotes (both single
and double) are corret for PHP to process.
The...
|
by: Dave |
last post by:
Hi guys,
I have just set up a duplicate server running:
apache 2.54, mysql 5.04 and php 5.04
This is the same setup as as the server we are using now, apart from
the hardware inside. I have...
|
by: Einstein30000 |
last post by:
Hi,
in one of my php-scripts is the following query (with an already open
db-connection):
$q = "INSERT INTO main (name, img, descr, from, size, format, cat,
host, link, date) VALUES ('$name',...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
