Hey,
Not sure if this is the right group to post this on, so sorry in
advance if it isn't.
I'm using the VS.NET 2005 beta, and am trying to fill one grid, based
on what is selected in the other grid. So, in the SelectionChange d
event, I get the IDs of the selected rows in the first grid, and..
this is where i get stuck :)
This is my statement:
SELECT (SELECT Products.Name FROM Products WHERE Products.ID =
Summary.Product ) AS Product, SUM(Owned) AS Owned, SUM(Maintained) AS
Maintained, SUM(Unlocked) AS Unlocked,
SUM(Vouchers) AS Vouchers
FROM dbo.Summary
WHERE Summary.Office IN (SELECT Office.ID FROM Office WHERE
Office.Company IN ( @Parameter))
GROUP BY Product
ORDER BY Product
What I would like to be able to do, is replace @Parameter, with
several comma seperated Guid values. However, no matter what I do, if
i try to add a parameter, it gets interpreted as one value, and thus
has some difficulty interpretting something two Guids seperated by a
comma.
Is there a way around this? Or do i have to manually code the this to
use an actual SQL statement rather than trying to use parameters?
Any help would be most appreciated, and I hope I've included enough
detail.
Thanks!
Ben
15  21134 
Hi Ben,
First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to join some values in the IN
keyword of a SQL statement. If there is any misunderstandin g, please feel
free to let me know.
As far as I know, since we're joining the two strings together, we cannot
use a parameter to do so. The best workaround, I think, is to use a Text
command instead of a stored procedure. We can join the string together in
code and then execute it.
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Hi Ben,
Yep, this is a chronic problem with databases.
The easiest way is to create sql statement dynamically.
Beware of sql injection possibility - you have to check parameters!
Another solution is to pass a string with Id separated with a char or
something and do the processing on the server.
This is more tedious but you don't have problem with sql injection if done
properly.
--
Miha Markic [MVP C#] - RightHand .NET consulting & development
SLODUG - Slovene Developer Users Group www.rthand.com
"Ben" <be**@pronamics .com.au> wrote in message
news:a3******** *************** ***@posting.goo gle.com... Hey,
Not sure if this is the right group to post this on, so sorry in
advance if it isn't.
I'm using the VS.NET 2005 beta, and am trying to fill one grid, based
on what is selected in the other grid. So, in the SelectionChange d
event, I get the IDs of the selected rows in the first grid, and..
this is where i get stuck :)
This is my statement:
SELECT (SELECT Products.Name FROM Products WHERE Products.ID =
Summary.Product ) AS Product, SUM(Owned) AS Owned, SUM(Maintained) AS
Maintained, SUM(Unlocked) AS Unlocked,
SUM(Vouchers) AS Vouchers
FROM dbo.Summary
WHERE Summary.Office IN (SELECT Office.ID FROM Office WHERE
Office.Company IN ( @Parameter))
GROUP BY Product
ORDER BY Product
What I would like to be able to do, is replace @Parameter, with
several comma seperated Guid values. However, no matter what I do, if
i try to add a parameter, it gets interpreted as one value, and thus
has some difficulty interpretting something two Guids seperated by a
comma.
Is there a way around this? Or do i have to manually code the this to
use an actual SQL statement rather than trying to use parameters?
Any help would be most appreciated, and I hope I've included enough
detail.
Thanks!
Ben As far as I know, since we're joining the two strings together, we cannot
use a parameter to do so. The best workaround, I think, is to use a Text
command instead of a stored procedure. We can join the string together in
code and then execute it.
Just be aware of possibility of SQL injection attack :-)
--
Miha Markic [MVP C#] - RightHand .NET consulting & development
SLODUG - Slovene Developer Users Group www.rthand.com
<"Miha Markic [MVP C#]" <miha at rthand com>> wrote: As far as I know, since we're joining the two strings together, we cannot
use a parameter to do so. The best workaround, I think, is to use a Text
command instead of a stored procedure. We can join the string together in
code and then execute it.
Just be aware of possibility of SQL injection attack :-)
To avoid SQL injection, you can build the SQL up dynamically, but still
only use parameters instead of any direct values - insert the values
dynamically as well, basically.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jon Skeet [C# MVP] <sk***@pobox.co m> wrote: Just be aware of possibility of SQL injection attack :-)
To avoid SQL injection, you can build the SQL up dynamically, but still
only use parameters instead of any direct values - insert the values
dynamically as well, basically.
Whoops - meant to say "insert the parameter list dynamically as well".
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Hi Jon,
"Jon Skeet [C# MVP]" <sk***@pobox.co m> wrote in message
news:MP******** *************** *@msnews.micros oft.com... Jon Skeet [C# MVP] <sk***@pobox.co m> wrote: > Just be aware of possibility of SQL injection attack :-)
To avoid SQL injection, you can build the SQL up dynamically, but still
only use parameters instead of any direct values - insert the values
dynamically as well, basically.
Whoops - meant to say "insert the parameter list dynamically as well".
Yes. The only problem I see is that you are limited to 2100 parameters :-)
--
Miha Markic [MVP C#] - RightHand .NET consulting & development
SLODUG - Slovene Developer Users Group www.rthand.com
<"Miha Markic [MVP C#]" <miha at rthand com>> wrote: Whoops - meant to say "insert the parameter list dynamically as well".
Yes. The only problem I see is that you are limited to 2100 parameters :-)
Ooh, I didn't know that. Is it documented anywhere? I see that it's
documented for SQL server for stored procedures, but does that also
apply to parameterised text queries?
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Hi Jon,
"Jon Skeet [C# MVP]" <sk***@pobox.co m> wrote in message
news:MP******** *************** *@msnews.micros oft.com... <"Miha Markic [MVP C#]" <miha at rthand com>> wrote: > Whoops - meant to say "insert the parameter list dynamically as well".
Yes. The only problem I see is that you are limited to 2100 parameters
:-)
Ooh, I didn't know that. Is it documented anywhere? I see that it's
documented for SQL server for stored procedures, but does that also
apply to parameterised text queries?
Yes, it applies, trust me, Sql server loves limitations :-)
I will never understand why in the world they don't implement array
parameters.
--
Miha Markic [MVP C#] - RightHand .NET consulting & development
SLODUG - Slovene Developer Users Group www.rthand.com
First of all, it seems your original SQL can be simplified a bit to:
SELECT Products.Name AS Product,
SUM(Summary.Own ed) AS Owned,
SUM(Summary.Mai ntained) AS Maintained,
SUM(Summary.Unl ocked) AS Unlocked,
SUM(Summary.Vou chers) AS Vouchers
FROM
dbo.Summary
inner join Products on Products.ID = Summary.Product
inner join Office on Office.ID = Summary.Office
where Office.Company IN ( @Parameter)
GROUP BY Product
ORDER BY Product
But that doesn't help your problem. However, from your message it seems
that the values are Guids. This is helpful is two ways. First of all, I
really doubt you are asking your users to type in Guids, which pretty much
alleviates SQL injection problem. If you control where the value is coming
from, you can know it isn't going to hack you. Which brings us to the next
question: Then, where does that list come from? If it's coming from the DB,
you might as well just make it another join on the query.
--
Truth,
James Curran
[erstwhile VC++ MVP]
Home: www.noveltheory.com Work: www.njtheater.com
Blog: www.honestillusion.com Day Job: www.partsearch.com
"Ben" <be**@pronamics .com.au> wrote in message
news:a3******** *************** ***@posting.goo gle.com... Hey,
Not sure if this is the right group to post this on, so sorry in
advance if it isn't.
I'm using the VS.NET 2005 beta, and am trying to fill one grid, based
on what is selected in the other grid. So, in the SelectionChange d
event, I get the IDs of the selected rows in the first grid, and..
this is where i get stuck :)
This is my statement:
SELECT (SELECT Products.Name FROM Products WHERE Products.ID =
Summary.Product ) AS Product, SUM(Owned) AS Owned, SUM(Maintained) AS
Maintained, SUM(Unlocked) AS Unlocked,
SUM(Vouchers) AS Vouchers
FROM dbo.Summary
WHERE Summary.Office IN (SELECT Office.ID FROM Office WHERE
Office.Company IN ( @Parameter))
GROUP BY Product
ORDER BY Product
What I would like to be able to do, is replace @Parameter, with
several comma seperated Guid values. However, no matter what I do, if
i try to add a parameter, it gets interpreted as one value, and thus
has some difficulty interpretting something two Guids seperated by a
comma.
Is there a way around this? Or do i have to manually code the this to
use an actual SQL statement rather than trying to use parameters?
Any help would be most appreciated, and I hope I've included enough
detail. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Thomas Philips |
last post by:
I want to access parameters that are passed into a function using the
**kargs idiom. I define f(**kargs) via
def f(**kargs):
print kargs
|
by: Mehul Patel |
last post by:
Our .Net team have been pondering about using keyword.
We are using streams FileStream and BufferedStream. We use using
keyword at FileStream, and not BufferedStream which wraps FileStream.
So bunch of people said what if exception occurs buffered stream is
not closed.
My Argument is over advantages of using 'Using' keyword.
First Advantage being -- Using used for Dispose (Deterministic
|
by: Cybertof |
last post by:
Hello,
What is the difference between :
- adding a new reference to a namespace within the SolutionExplorer
(right click, Add Reference...)
- adding a new reference with the 'using' keyword in the source code
For example, System.Windows.Forms is both in the SolutionExplorer and in
the using statement, some other namespaces are only inside the code.
|
by: Gator |
last post by:
Hi All,
The problem is as following. Porting C++ code to C#. C++ is using
several typedefs. For single .cs file there is no problem, I am using
C# using keyword to declare the type name. However for multiple files
it becomes real annoying. Even though all the classes belong to the
same namespace I still have to declare the same type name again and
again for the each file in the same namespace? Is there any way to
avoid this? I can't...
|
by: Brian Gideon |
last post by:
I stumbled across something odd today about the placement of the using
keyword. Section 9.3.2 of the C# v1.1 specification did not answer my
question. My confusion is isolated to what happens in File1.cs of the
following code. Notice that when the using keyword is placed outside
of the namespace decleration its behavior is different than placing it
inside the namespace decleration.
Questions:
1) Section 9.3.2 of the specification...
| | |
by: INeedADip |
last post by:
Can anyone here confirm for sure that reader.Close() and Dispose() will
get called using the following routine:
using(SqlDataReader reader = GetOpenReaderFunction())
{
while(reader.Read()) doSomething(reader);
}
I have seen examples here and there with mixed assumptions.
|
by: pbd22 |
last post by:
Hi.
I am somewhat new to this and would like some advice.
I want to search my xml file using "keyword" search and
return results based on "proximity matching" - in other words,
since the search string will often not produce a direct match,
the results will be based on proximity (50%, 20% 100%, etc).
are there any good examples out there on how to do keyword
searches on XML data? How should i set up my xml file so
|
by: menmysql |
last post by:
hi to all
i want to send multiple parameters using javascript. i am trying as follows
<a href="./Admin.jsp?per=null?per1=null">
|
by: Mike P |
last post by:
I've recently started using the using keyword for my connections, but I
have just seen some code where you have a using within a using, which is
opening a command :
using (SqlConnection _conn = new
SqlConnection(ConfigurationManager.ConnectionStrings.ToStri
ng()))
{
using (SqlCommand _comm = new
SqlCommand("GetRevenueByOwner", _conn))
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
