Variables Of Parameterized Query
I need the variables for parameterized query of ASP for the following SQL variables.
1. bit
2. tinyint
3. smalldatetime
I googled it but couldn't find anything.
Here is my ASP code that queries against an MS SQL 2000 database. All works good except if the string I query for contains an apostrophe like Dog's. I have tried replacing all single quotes with 2 single quotes, but that doesn't work either. What am I doing wrong?
Code:
Set objCmd = Server.CreateObject("ADODB.Command")
objCmd.ActiveConnection = Conn
objCmd.CommandType = adCmdText
objCmd.CommandText = "SELECT ISBN" &_
" FROM Books" &_
" WHERE Title LIKE '%' + ? + '%' "
'Create the parameter and populate it.
Set objParam = objCmd.CreateParameter("", adVarChar, adParamInput, 200, "Dog's")
objCmd.Parameters.Append objParam
response.Write(sQuery)
set rsBooks = objCmd.Execute()
I just found out that SQL Injection could be avoided by parameterized queries. Up till now I've been using simple (concatenation) queries. I have no idea about what parameterized queries are and how to write them. I suppose they have to do something with the SQL procedures. I've tried to google it but couldn't find any useful resource on it. Please explain what parameterized queries are and give an example.
In Access you use "*" + [passed variable] + "*", + can be replaced with &
Calling a parameterized query in Access requires % be used in place of *,
however, all that I have read show dynamic SQL passed to Access:
WHERE [some column] LIKE '" & ASPvar & "' % ORDER BY ...
However, my call is similar to:
conn.qMyLookup strVar, rs
If I modify the query in Access to:
"%" & [passed variable] & "%"
I get all records. If I only put it at the end, as suggested, I only get
matches at the end, not throughout the column. Code:
How do I do a Parameterized INSERT SQL Statement for Classic ASP? Complicating matters, I have both a bit column and a text column... Code:
Here is my dilemma I'm hoping you can help me with. My code currently works fine. However I want to make some modifications to it to get the best possible outcome for my client (Taxi company). Here is the code logic:
The code currently has one text field which takes a number (Taxi number) and returns all calls assigned to the taxi number inputted in the text field and returns all, canceled, and picked-up calls by said taxi number within the CURRENT DAY. I'm trying to find out how I can input a taxi number and get returned calls from PREVIOUS DAYS also, preferably going back one WEEK to a MONTH. I hope I'm clear. If not please inquire for further clarification.
Here's my actual code:
Is SQL injection an issue with SP's?
My code retrieves a username and a password from a form. Then this information is compared to some usernames and passwords that are stored in a database. The important thing here is that the comparison must be case sensitive, meaning that "passWord" is not the same thing as "password".
I have this code, working fine in Access 2003
SQL = "SELECT * FROM users WHERE StrComp(username_column,'" & entered_username_in_form & "',0) = 0 AND StrComp(password_column,'" & entered_password_in_form & "',0) = 0"
but get the following error when I run it against my SQL 2005 database.
[Microsoft][SQL Native Client][SQL Server]'StrComp' is not a recognized built-in function name.
I don't know the corresponding T-SQL for the query.
Can anyone tell me the difference between environment variables and server variables?
I am running a query on an Access database and have set the number of records/page displayed at 20. If there are more than 20 records returned, then the 1st page will show the first 20, the next page will show the next 20 and so on....
The trouble:
The count of total records displayed is correct and the first page is displayed correctly. But when I click on *Next* to go to the next page, all the records of the database get displayed (not the 2nd page of records from the query).
I am using ASP/MS ACCESS to see how I can query the same database, via 2 formfields.
{name: - search}Textfield 1: - Search by Category
AND/OR By
{name: - searchT}Textfield 2: - Location
Currently,
strSearchwords = Trim(Request.QueryString("search")); where "search" is the name of Textfield1
Which is fine, but how can I set it so that on Submit, the string from search, and searchT are somehow joined together into one string?
I'm not sure how to best describe my problem, so a simple example should help explain things:
I have two arrays, called set1_data and set2_data
if I create a variable like so:
firstPart = "set1"
and then assign like this:
copyOfArray = firstPart & "_data"
how do I make copyOfArray reference the set1_array, as opposed to just a string "set1_array" which is what it's doing?
I've had a good rummage round ye olde Internet but couldn't find anything there must be a keyword or function to achieve this?!?
Is it possible to write an SQL query to fetch records from a specific record number?
Let's say I have one variable and it stores values such as 1, 2, 3 or so...
If variable contains, I want to fetch records from 1 to 20.
If it contains 2, then records should be from 21 to 40.
For 3, records would be 41 to 60...
What could be the SQL for that?
I don't wanna fetch the whole table and then filter through code.
i have a table called checkrenewal
it has a field called date_renewal
data is stored like this
03/20/2007
05/17/2008
10/21/2006
09/18/2006
09/04/2006
so what i want to do is display only records that are in month of sept for 2006
so there will be 2 records
so next month is Oct 2006 so only display one record
so depending on which month and which year it is display only those records.
I can't write the sum of a certain column in a table of a db.
<%
sql_Sum_Tax="SELECT SUM(vtax) AS sql_Sum_Tax_RS_Var FROM orderstats
WHERE vcompletedate BETWEEN "& startDate &" AND "& endDate & ";"
Set sql_Sum_Tax_RS = Server.CreateObject("ADODB.Recordset")
sql_Sum_Tax_RS.Open sql_Sum_Tax, conn1
%>
<%=sql_Orders_Placed_RS("sql_Orders_Placed_RS_Var")%>
That last line generates this error:
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
i have a table and the fields are
gender
weight
points
the records for example are
Male 55 2.0
Male 60 3.12
Male 65 3.87
Male 70 3.99
so i need to find out the points when the user selects gender and enters the weight
people are allowed to enter weights between 55 and 70
say for example someone enters weight as 55 his points will be 2.0
if someone enters weight as 64 i want the points to be 3.12
I have an Access database of literature that I want to search using an ASP page using multiple search criteria (author, title, year, discipline,etc).
I'm using a form to collect the criteria from the user and then sending it to an ASP page. I'm creating the SQL statement using variables that pick up values passed from the form.
Code:
strSQL = "SELECT * FROM Literature WHERE " & _
"(Author Like '%" & mauthor & "%') AND " & _
"(Title Like '%" & mtitle & "%') AND " & _
"(Journal Like '%" & mjournal & "%') AND "& _
"(ArticleBook Like '%" & mBookOption & "%') AND " & _
"(Year Like '%" & myear & "%') " & _
"ORDER BY Title ASC;"
This would probably work if I used "OR" in my SQL, but I want to be able to use "AND." My problem is that I'm not getting records that have null values in some of these fields.
I've been working with queries through ASP on an mdb file. The biggest problem I have is that when I query a certain column that has embedded hyperlinks in it, the query also returns the value of the hyperlink. Is there any way not to have to remove the hyperlinks in the database and not have them show up on queries? Code:
I am learning ASP from the Wrox Beginning E-Commerce book, which uses Visual Basic to create a DLL and it also uses MTS as well.
I have been trying to find hosting, not realising the problem with registering custom DLLs on a server, and now realise that this isn't the best way to do this.
I wanted to know if there was anything i could do to change this. I have read a little bit about the Global.isa file but am not sure about this.
Could i just transfer all the code into the global.isa and then use it like this.
My website access a sql database and uses a mts pipeline for order processing.
I don't have enough experience of ASP to re-write this code and am not sure of what to do.
I have tried searching the web but am not really finding any solutions that I understand.
I have one table with a date field in SQL Server 2000. I want to write one SQL query statement that fetches the last three months' data from the current month.
I am trying to have the SQL query select from a table where two conditions exist.
The line:
Code:
SQL = "SELECT * FROM CompsIn WHERE Out = -1 "
Works, but I want to have it also select from compsin where UserGroup = Session("UserGroup")
Until I connect the login and the CompsOut pages, adding Where UserGroup='CSU836' will work just fine.
i have a table called Cars which has fields like this
Car_Id
Purchase_Date
Purchase_Date has datatype as datetime in sql server
i have 2 fields on the form where the user enters the year and month and then submits the form on the next form i get the year and month like this
year=2005
month=02
i want to fire a query to get the car_id
i have numbers in a column say
124
2345
1356
4569
and say 4569 belongs to joseph i want to tell what josephs rank is looking at the values his rank is 1
if 124 belongs to justin then his rank is 4
the more the points the higher the rank can someone tell me how my sql query will be
The following Query causes my CPU Usage to go to 100% and the page will not load: Code:
I have two fields, CustomerId and MemberID. What I want is to get the MemberID number for the max CustomerID field. Take for example: Code:
CustomerID MemberId
100 M00
101 M01
102 M02
103 M03
so i want M03
any suggestion how to write this query in sql?
Is there a way to query for a users IP address with classic ASP/VBScript?
I'm building a local app that will feature a simple logging system. I'd like to have any user be able to update a form and when submitted, the page can look up the users IP and know that this update came from "Jeff's Workstation", for example.
There would only be 40 or so users, each of whom has a static IP that I could use to perform the lookup.
Can anyone point me the right direction, or perhaps suggest a better way to approach this problem?
I have a column in a db which has values separated by commas, e.g. 1,4,12,5
I want to be able to search the db and return info where a variable has similar values to the ones in the column. So they don't all need to be the same. They could be 18,4,9,199 and the common no. 4 would be matched and info extracted.
I have tried using % in my SQL but it doesn't work 100%. (e.g. select * from table where column_data LIKE '%"variable"')
I need help with a SQL statement using AND OR properly. Say I want to list all records which are of the type page, state active but belong to different groups. My statement to list from one group might look like this:
Select * From Objects Where rs.Type=0 And rs.State=2 and rs.Group=3
Adding an OR clause, how would I list all groups (say 1-5)? Do I have to specify type, state and group 5 times?
I am trying to compare the students current preference to all of the preferences they have already selected. ie: If they select a preference of '1', and they have already selected that preference before, then they get an error. This is the SQL that I have so far:
SQLPreference = "SELECT DISTINCT [tblStudents.Preference] FROM [tblStudents] WHERE (tblStudents.Student = '" & session("Valid") & "') AND (tblStudents.Preference = '" & Request.Form("Preference") & "');"
Now, this works perfectly when they have already selected that preference... They get the proper error. However, the problem is that if the two don't match up, then I get a 'Exception occurred' error. I know why this is happening... Simply because the SQL statement can't find Request.Form("Preference") in the database, and thus is generating an error. Code:
i have this query but for some reason it is not working... Code:
SQL = "SELECT * FROM " & strTableName & " WHERE category = '" & cat & "' AND
i have a problem with the category part... for some reason it does not read it, but the variable cat is working fine because i had a response.write before and it displays it..
I have a table with 20,000 records that looks like this (I have it sorted by itemid in the image for clarity):
I need a query that will return this out of the table above:
Basically, I don't care about the field "id".
The query needs to find the "itemid"s that are equal in value to each other and then concatenate the respective "catid"s separated by commas.
It needs to somehow loop and do this for all 20,000 records.
Is this even possible?
I'm having trouble thinking how to write a query ... I have two tables, customer and contact ... they share a common element of customerID ... there is a login form based on the contactID, contactPassword within the contact table; based on that I want the contactID and customerID of contact, to display the fields of the customer table.