Input Box Not Updating
Feb 25, 2008
I have two textboxes on the page...shipdate and duedate. When the page loads, shipdate has today's date loaded and duedate has a date that's 28 days later than today. When I change the dates and submit it's not updating in the database instead I'm getting the two dates in pageload. What am I doing wrong?Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
ShipDateTxt.Text = Today()
DueDateTxt.Text = DateAdd(DateInterval.Day, 28, Today())
End SubProtected Sub LoanRequest_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LoanRequest.Click
Dim conn As New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("TrainUserConnectionString").ConnectionString)Dim cmd As New Data.SqlClient.SqlCommandWith cmd
.Connection = conn
.CommandType = Data.CommandType.StoredProcedure
.CommandText = "UpdateloanerInfo".Parameters.AddWithValue("@requestorid", Integer.Parse(Request.QueryString("requestorid")))
.Parameters.AddWithValue("@shipdate", ShipDateTxt.Text).Parameters.AddWithValue("@duedate", DueDateTxt.Text)
End With
Here's updateloanerinfo stored procedure:
@requestorid int,
@shipdate datetime,
@duedate datetime
AS update LibraryRequest
set
[shipdate] = @shipdate,
[duedate] = @duedate
Where requestorid=@requestorid
View 3 Replies
ADVERTISEMENT
May 19, 2014
Is it possible to assign to a column a value passed as a parameter?
When I run the proc I get the following error :
Msg 245, Level 16, State 1, Procedure Transfer, Line 17
Conversion failed when converting the varchar value '@ID' to data type int.
----####################################################
USE [tbldata]
GO
/****** Object: StoredProcedure [dbo].[Transfer] Script Date: 05/19/2014 11:26:38 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[Transfer](@ID int)
[code].....
View 1 Replies
View Related
Sep 21, 2006
I am very new to SQL Server 2005. I have created a package to load data from a flat delimited file to a database table. The initial load has worked. However, in the future, I will have flat files used to update the table. Some of the records will need to be inserted and some will need to update existing rows. I am trying to do this from SSIS. However, I am very lost as to how to do this.
Any suggestions?
View 7 Replies
View Related
Jan 4, 2006
Using MSDE and OSQL
I begin with:
C:OSQL -D VID -i C:accepted.sql -o C:Resultsaccepted.txt -n -w500 -Usa
That gives me data such as this:
363 Cynthia KY 36
542 Charlene NC 3
594 Amanda NJ 9
592 Robert NJ 54
Then this command to create a table
CREATE TABLE accepted
(
Customer_idnvarchar(50)NULL,
Cust_Namenvarchar(50)NULL,
Cust_Statenvarchar(50)NULL,
Cust_Countnvarchar(50)NULL
)
GO
I've created this BCP format file:
8.0
4
1 SQLCHAR 0 50 "/t" 1 Customer_id SQL_Latin1_General_CP1_CI_AS
2 SQLCHAR 0 50 "/t" 2 Cust_Name SQL_Latin1_General_CP1_CI_AS
3 SQLCHAR 0 50 "/t" 3 Cust_State SQL_Latin1_General_CP1_CI_AS
4 SQLCHAR 0 50 "/r/n"4 Cust_Count SQL_Latin1_General_CP1_CI_AS
Table is created. I can SELECT * FROM accepted and see my column names.
Then I try to BCP into the table using:
C:>BCP sales..east in C:Resultsaccepted.txt -t -f C:cpformataccepted.fmt -Usa -Ppwd
I get this error:
Starting copy...
SQLState = 22001, NativeError = 0
Error = [Microsoft][ODBC SQL Server Driver]String data, right truncation
SQLState = 22001, NativeError = 0
Error = [Microsoft][ODBC SQL Server Driver]String data, right truncation
and so on......
In the .fmt file I've tried "", " ", " " and everthing I could think of as a delimiter. Still no luck. I've tried almost every switch available to both OSQL and BCP.
The data I am trying to BCP is a SQL result so I don't think any special delimiters are placed. I've tried not using the .fmt file and using the prompts but still no luck. Data is CAST in the query and doesn't excede 45 characters.
Hope I've explained my problem well enough.
-Deana
View 11 Replies
View Related
Oct 5, 2006
Hi,I need to input Chinese character into the table of the database. I did try to install/run both Chinese/English version of Visual Studio into Chinese/English version of Server 2003 but it still didn't work.Please help !stephen
View 3 Replies
View Related
Feb 4, 2008
I use txtbox.Text = cmd.ExecuteReader() but it doesn't work. How can I fix it ?
View 4 Replies
View Related
Oct 13, 1999
Can I pass a parameter to a DTS package?
Here is what I am trying to do: Every month we need to import a fixed format text file into one of our tables. The format and location of the file is same every month except for the name. I want to create a DTS package to import it and call this DTS package first thing in a stored procedure(after which I do some processing with this imported data). I want to create the filename in my stored procedure and then call this DTS package to import it.
I am usig DTS as the interface is so much easier and want to avoid bcp :-)
Is it possible?
Thanks in advance,
Nishi
View 1 Replies
View Related
Aug 29, 2000
I am just learning SQL Server and I am stuck with a few things. I was wondering if you can define input masks for columns in the database in SQL Server. I have used this feature many times in Access and on the front end in Oracle Forms. Is there such a thing in SQL Server?? Is it just called something different.....? I will be trying to format telephone numbers and dates. Thank you for you time.
Nadine Sinclair
View 1 Replies
View Related
Aug 14, 2002
Hi all,
Can anyone tell me about how to prompt a user to type when running a sql statement through query analyzer.
thanks
Jay
View 1 Replies
View Related
Apr 18, 2008
create function quantprice
( @itemnmbr varchar(50), @startdate datetime, @enddate datetime)
RETURNS TABLE
AS
RETURN
(Select distinct t.itemnmbr,t.totalprice as totalcost
from
(
select distinct
vs.itemnmbr, sum(vs.totalsumprce) as totalprice
from vwquantityprice vs
Where vs.itemnmbr = @itemnmbr and (vs.docdate between @startdate and @enddate)
group by vs.itemnmbr
) as t
)
select * from quantityprice('06-5840','4/1/2007','4/1/2008')
well, guys, i have this function and obviously i will get one row from this in output...with that particular itemnumber but i want multi-itemnmbrs some times in output...some times 2..soemtimes 3...
example,
select * from quantityprice('06-5840,ab-4581,0a-1458,45-0945','4/1/2007','4/1/2008')
can you tell me what condition it will come to get this output..
like in where itemnmbr in('06-5840,ab-4581,0a-1458,45-0945')
and in starting input v ariable @itemnmbr..
create function quantprice
( @itemnmbr varchar(50)..
don't know what condition it will come and where i have to put condition in where clause or in input variable..
any help would be appreciated..thanks a lot!! guys plz reply.
View 17 Replies
View Related
Apr 23, 2008
I have created a query that has a "When" and an "And" function.
I know need to make the query run on user input, i want it to ask for the date, then name to run the query
View 2 Replies
View Related
Nov 1, 2006
Afternoon...
I have a database for a pretend dvd hire company and need to create a query that uses user input as part of the query.
Ie, select * from dvd where actor = 'Tom Cruise';
The 'Tom Cruise' part of the query needs to be user input every time the query is ran... Can you help?
Many thanks in advance!?
View 14 Replies
View Related
May 8, 2007
Hi there,
I'll be going through a training couse for SQL Server next month. The class I'm signed up for is M2780: Maintaining a Microsoft® SQL Server™ 2005. My company uses SQL Server 2000 now and unless I give good reasons to upgrade to 2005, we won't be upgrading. I have very little DBA experience, but since I was told SQL Server is my responsibility, I figured it would make sense to go through some type of training for it. My questions are: Is there enough the same between the two that it makes sense for me to take this class? Are there good business reasons I can give for upgrading? If we don't upgrade is it worth taking a class for 2000 vs 2005?
Thanks for any input.
Marcie
View 2 Replies
View Related
Oct 31, 2007
Need help.
I’m trying to pass inputs from one stored proc to another but I’m having problems in passing them.
First proc (input_passing) should pass the following inputs – FirstName, LastNmae and RecordID to the second proc (input_receive) – then the second proc will diplay the outcome – YES/NO if there is a match.
------------------------------------------------------------------------------------------
First proc (input_passing)
-------------------------------------------------------------------------------------------------------
DECLARE
@RecordIDVARCHAR(11),
@FirstNameVARCHAR(60),
@LastNameVARCHAR(60)
--DECLARE tbInputs CURSOR FOR
SELECT
RecordID,
FirstName,
LastName
FROM
tbInputs
OPEN tbInputs
FETCH NEXT FROM tbInputs
INTO @RecordID, @FirstName, @LastName
WHILE @@FETCH_STATUS = 0
BEGIN
--GET RECORD
SET @RecordID = RecordID from dbo.tbInputs)
END
FETCH NEXT FROM tbInputs
INTO @RecordID, @FirstName, @LastName
END
CLOSE tbInputs
DEALLOCATE tbInputs
exec input_receive
----------------------------------------------------------------------------------------------------------------- Second proc. (input_receive)
CREATE PROCEDURE input_receive
@RecordIDVARCHAR(11) = NULL,
@FirstNameVARCHAR(50) = NULL,
@LastNameVARCHAR(50) = NULL,
@RecordMatchBIT OUTPUT,
@MatchedOnVARCHAR(400) OUTPUT
AS
-- Declarations
DECLARE @CountINT
DECLARE@FoundBIT
DECLARE @AlertIDDECIMAL(18,0)
DECLARE@AlertCreateDateDATETIME
-- END Declarations
-- ******* Initializations **********
SET @Count = 0
SET @Found = 0
-- DEFAULT to No File Match
SET RecordMatch = 0
SET @MatchedOn = 'NO FOUND'
-- ******* END Initializations **********
-- First check to see if the RecordID Matches
IF( @RecordID IS NOT NULL AND @RecordID <> '' )
BEGIN
IF( CAST( REPLACE(@RecordID, '-', '') AS DECIMAL(18,0)) > 0 )
BEGIN
SELECT @Count = COUNT(*)
FROM tbAlert
WHERE REPLACE(RecordID, '-', '') = REPLACE(@RecordID, '-', '')
IF( @Count > 0 )
BEGIN
SET @RecordMatch = 1
SET @MatchedOn = 'FOUND : RecordID'
RETURN
END
END
END
Josephine
View 1 Replies
View Related
Sep 21, 2006
Hi ,
Im trying to build a package that will copy data from excel to SQL
in a program
unfortunately , when I open the package xml file and I drill into the
oledb destination I see that I have no available input columns
what could be the problem ?
thanks ahead
Eran
p.s
the script:
Dim p As Package = New Package()
Dim e As Executable = p.Executables.Add("DTS.Pipeline.1")
Dim thMainPipe As TaskHost = CType(e, TaskHost)
thMainPipe.Properties("Name").SetValue(thMainPipe, "Data Flow")
Dim dataFlowTask As MainPipe = CType(thMainPipe.InnerObject, MainPipe)
' Create excel connection MANAGER
Dim excelCon As ConnectionManager = p.Connections.Add("EXCEL")
excelCon.Name = "ExcelSourceConn"
excelCon.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=e: ry ry ry.XLS;Extended Properties=""Excel 8.0;HDR=YES"""
' Create sqldev connection Manager
Dim sqlCon As ConnectionManager = p.Connections.Add("OLEDB")
sqlCon.Name = "sqldevConn"
sqlCon.ConnectionString = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;User ID=sa;Initial Catalog=InsFocus_Admin_Eran;Data Source=SQLDEVSQLDEV"
''create source component
Dim excelSource As IDTSComponentMetaData90 = dataFlowTask.ComponentMetaDataCollection.New()
excelSource.Name = "ExcelSource"
excelSource.ComponentClassID = "DTSAdapter.ExcelSource.1"
Dim excelInstance As CManagedComponentWrapper = excelSource.Instantiate()
excelInstance.ProvideComponentProperties()
excelSource.RuntimeConnectionCollection(0).ConnectionManager = DtsConvert.ToConnectionManager90(p.Connections(0))
excelInstance.SetComponentProperty("AccessMode", 0)
excelInstance.SetComponentProperty("OpenRowset", "business_codes$")
excelCon.AcquireConnection(Nothing)
'excelInstance.ReinitializeMetaData()
excelInstance.ReleaseConnections()
Dim sqldev As IDTSComponentMetaData90 = dataFlowTask.ComponentMetaDataCollection.New()
sqldev.Name = "sqldev"
sqldev.ComponentClassID = "DTSAdapter.OLEDBDestination.1"
Dim sqldevInstance As CManagedComponentWrapper = sqldev.Instantiate()
sqldevInstance.ProvideComponentProperties()
sqldev.RuntimeConnectionCollection(0).ConnectionManager = DtsConvert.ToConnectionManager90(p.Connections(1))
sqldevInstance.SetComponentProperty("AccessMode", 0)
sqldevInstance.SetComponentProperty("OpenRowset", "business_codes")
sqldevInstance.AcquireConnections(Nothing)
sqldevInstance.ReinitializeMetaData()
sqldevInstance.ReleaseConnections()
Dim path As IDTSPath90 = dataFlowTask.PathCollection.New()
path.AttachPathAndPropagateNotifications(excelSource.OutputCollection(0), sqldev.InputCollection(0))
MsgBox(excelSource.OutputCollection.Count)
'For Each input As IDTSInput90 In sqldev.InputCollection
' Dim vInput As IDTSVirtualInput90 = input.GetVirtualInput
' For Each vColumn As IDTSVirtualInputColumn90 In vInput.VirtualInputColumnCollection
' ' Call the SetUsageType method of the design time instance of the component.
' sqldevInstance.SetUsageType(input.ID, vInput, vColumn.LineageID, DTSUsageType.UT_READONLY)
' Next
'Next
Dim app As Application = New Application()
app.SaveToXml("c:myXMLPackage.dtsx", p, Nothing)
View 2 Replies
View Related
Jul 11, 2007
I am trying to get the value of a column in the Input0_ProcessInputRow function and I have the column name.
There has to be an object in the pipeline that will allow me to do this right?
Something like "ComponentMetaData.InputCollection(0).InputColumnCollection([COLUMN NAME])"
Can someone recommend how I would do this. I have tried a few things, but can't seem to get to the Value or ToString of the column I want in this row.
Thanks
View 3 Replies
View Related
Aug 8, 2007
Hi
A script component receives some input. But I just can't get at the first row??
Basically, if i use the NextRow method in the in the Do statement, then it advances the row collection to the second row before it gets into the code inside the loop?? BUT, if I use the EndOfRowset property to define my loop then I get an error:
[PipelineBuffer has encountered an invalid row index value]
I'm guessing this means...I have to call NextRow before i access the data in the collection? But thats retarted because then I miss the first row?? what? What am I missing??
This is the code which works but I miss the first row:
Public Overrides Sub Input0_ProcessInputRow(ByVal Row As Input0Buffer)
Dim strConcept As String
Do While Row.NextRow()
strConcept = Row.concept
updateDb(strConcept)
Loop
End Sub
This is the code which throws the invalid row index error:
Public Overrides Sub Input0_ProcessInputRow(ByVal Row As Input0Buffer)
Dim strConcept As String
Do While Not Row.EndOfRowSet()
strConcept = Row.concept
updateDb(strConcept)
Row.NextRow()
Loop
End Sub
I've put some try catches in there an the error happens on the line which calls Row.concept....?
Can anyone help, it must be something I'm messing up
thanks!!
andy
View 17 Replies
View Related
Sep 19, 2007
I need to validate my input rows. The row is valid if there exist some other input rows in the same table (I am importing data from excel and access). I'll give an example to make everything clear:
Input table boys has following columns:First_Name ,Surname and Date_of_birth.
Output table is Twin_Triple_More_Brothers. I would like to insert into this table only boys that surnames are equal and difference in date of birth is less then one day.
I was thinking about lookup component, but I cannot use it in that way (or I just do not know how).
Maybe someone has an idea how to do this?
Thanks for help.
View 6 Replies
View Related
Mar 17, 2006
If a component requires a sorted input it would seem reasonable that you can check the IsSorted property of the attached input, but this will always return false. I have tried this when connecting the output of the Sort transform to my component, and then check the IsSorted property for this input. It is always false. How can this be, and also how can I see if the path is indeed sorted?
If using a virtual input column in my UI, I get a SortKeyPosition on the columns, but when overriding SetUSageType in the component class I always get zero for the key. Why is the sort information not quite there for me?
View 8 Replies
View Related
Oct 16, 2006
I'm very new to SQL Server so please forgive me if this question is ridiculously simple. I have to upgrade the report engine from one that was used in a legacy VB6 app to a C#.net app. In doing so, I'm looking at assorted reports that came out of the old app. Here is the SQL code for one of them:
SELECT (LTRIM(STR(From_To,10,0)) + '-' + LTRIM(STR(From_To + 49,10,0))) AS Bonus_Earned, COUNT (Empl_ID) AS Men, round(SUM (SumDollars),2) AS Group_Earn, round((SUM (SumDollars) / COUNT (Empl_ID)),2) AS Calc0 FROM (SELECT CONVERT (int, round (SumDollars / 50, 2)) * 50 AS From_To, SumDollars, Empl_ID FROM (SELECT round(SUM (Actual_Hours_Dollars.Incentivedollars * Contract_History.Bonus_Pct / 100), 2) AS SumDollars, employees.Empl_ID FROM ((Employees INNER JOIN Actual_hours_dollars ON Employees.Empl_ID = Actual_Hours_Dollars.Empl_ID_R) INNER JOIN Contracts ON Actual_Hours_Dollars.Contract_ID = Contracts.Contract_No) INNER JOIN Contract_History ON Contracts.Contract_Idx = Contract_History.Contract_Idx_R where employees.empl_idx = (SELECT max(empl_idx) FROM Employees AS OuterEmployees WHERE OuterEmployees.empl_id = employees.empl_id AND outeremployees.Datex = (SELECT max(datex) FROM Employees AS InnerEmployees WHERE InnerEmployees.empl_id = employees.empl_id AND Inneremployees.disabled = 0 AND Inneremployees.Datex < '~EndDate~')) AND Contracts.Datex = (SELECT max(datex) FROM Contracts AS InnerContracts WHERE InnerContracts.contract_no = Contracts.contract_no AND InnerContracts.disabled = 0 and InnerContracts.deleted = 0 AND InnerContracts.Datex < '~EndDate~') AND Actual_hours_dollars.Datex >= '~StartDate~' AND Actual_Hours_Dollars.Datex < '~EndDate~' AND dateadd(month, Contract_History.Monthx - 1, dateadd(year, Contract_History.Yearx - 1900, '01 Jan 1900')) >= '~StartDate~' AND dateadd(month, Contract_History.Monthx - 1, dateadd(year, Contract_History.Yearx - 1900, '01 Jan 1900')) < '~EndDate~' and Actual_Hours_Dollars.IncentiveHours <> 0 GROUP BY employees.empl_ID) AS InnerRS1 GROUP BY ROUND (SumDollars * 2, -2) /2, SumDollars, Empl_ID) AS InnerRS2 GROUP BY From_To
I'm only including it for completeness. The key thing I'd like to draw your attention to are two variables that are clearly input parameters: ~StartDate~ and ~EndDate~.
My question is this: If I want to copy this code into SQL Query Analyzer and run it to see what kind of results I get back, what's the simplest way to define these two input parameters? I'm hoping you could just show me the syntax to define them above the SELECT statement.
Robert Werner
Vancouver, BC
View 4 Replies
View Related
Sep 15, 2006
So I have a person who is adamant in tell me that SQL Server does not run on windows XP.
Now, I have already done all the research on this (i.e. sql server 2000 product page / requirements) and know the answer, but they insist on asking the question, so here it is .....
'Will SQL Server run on Windows XP'
A simple YES or NO will suffice; however, if you want to explain the answer (if it requires one ;) ), please feel free.
View 5 Replies
View Related
May 14, 2007
Is it possible to allow user input via a Reporting Services Report? What I mean is could a report be created that would allow someone using the report to enter a number that would be written to the SQL database?
View 1 Replies
View Related
May 28, 2007
In Visual Web Developer I
have created a data input form based on the documentation I found in the .NET
Framework Class Library (SqlDataSource.InsertCommand Property). Originally my form contained 4 textboxes
(FirstName, LastName, Phone, Email) and worked fine. All this data is nvarchar string data.
When I added a checkbox I
get an error that “String
was not recognized as a valid Boolean�
when the checkbox is checked.
When the checkbox is unchecked the data is input without a problem. This is a bit data field in the table.
Here is my VB code, Insert
Parameters for my SqlDataSource1, and button code:
<script
runat="server">
Private Sub InsertData(ByVal
Source As Object,
ByVal e As
EventArgs)
SqlDataSource1.Insert()
End Sub
</script>
<InsertParameters>
<asp:formParameter Name="FirstName" Type="String" FormField="txtFirstName"/>
<asp:formParameter Name="LastName" Type="String" FormField="txtLastName"/>
<asp:formParameter Name="Phone" Type="String" FormField="txtPhone"/>
<asp:formParameter Name="Email" Type="String" FormField="txtEmail"/>
<asp:formParameter Name="FreeInfo" Type="Boolean" FormField="checkbox1"/>
</InsertParameters>
<asp:Button id="Button1" runat="server" text="Submit" OnClick="insertdata"/>
I suspect that the problem
is with the VB code which will only accept string input data, but don’t know
how to fix it. Any thoughts on how to
fix this problem? Thanks in advance for
any help provided.
View 4 Replies
View Related
Jun 1, 2007
Hi, I need to do the following task, which is described by pseudo-code
SELECT * FROM Customers
SORT BY @SortExpression
How can I do something like it (sorting according to input parameter)
Thanks for any idea
View 4 Replies
View Related
Jun 20, 2007
hy, i wrote an input function to put some data in my database with click of button
it doesnt work and i cant find the mistake =/
anyone of you can help?
now theres one thing that isnt right, and that is that the datasiz of messagetext is set to max, and here i put it in to 50, cause dont know how to put it to max cause you can only put in ant integer
, also in the insert into, i did not put all of the columns cause the data i input is only for certain columns, ( don't think thats a problem)
Greetz
Roy1
2 Private mocon As clsAdocon
3 Dim naam As String
4 Dim type As String
5 Dim folder As String
6 Dim sUDL = ConfigurationManager.ConnectionStrings("masterConnectionString").ConnectionString
7
8 Protected Sub btnopslaan_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnopslaan.Click
9
10 folder = "Out"
11 Select Case True
12 Case rdbMail.Checked
13 type = "Mail"
14 Case rdbFax.Checked
15 type = "Fax"
16 Case rdbSms.Checked
17 type = "Sms"
18 End Select
19
20 If type = "Mail" Then
21 Dim strSql As String
22 strSql = "INSERT INTO Message(ToName, ToEmail, Subject, MessageText, TypeBericht, Folder) VALUES(@ToName,@ToEmail,@Subject,@MessageText,@TypeBericht,@Folder);"
23
24 Try
25 'connectie met database
26 Dim objCn As New SqlConnection(sUDL)
27 Dim objCmd As SqlCommand = objCn.CreateCommand()
28 objCmd.CommandText = strSql
29
30 objCmd.Parameters.Add("@ToName", SqlDbType.NVarChar, 50).Value = naam
31 objCmd.Parameters.Add("@ToEmail", SqlDbType.NVarChar, 50).Value = txtAan.Text
32 objCmd.Parameters.Add("@Subject", SqlDbType.NVarChar, 50).Value = txtOnderwerp.Text
33 objCmd.Parameters.Add("@MessageText", SqlDbType.NVarChar, 50).Value = txtbericht.Text
34 objCmd.Parameters.Add("@Folder", SqlDbType.NChar, 10).Value = folder
35 objCmd.Parameters.Add("@TypeBericht", SqlDbType.NChar, 10).Value = type
36
37 objCn.Open()
38 objCmd.ExecuteNonQuery()
39 objCn.Close()
40 Catch ex As Exception
41
42 End Try
43 End If
44
45 End Sub
View 4 Replies
View Related
Dec 18, 2007
Hi, Just wondering if I could make sure that "hackers" don't tamper with my querystring - which is a parameter for a SQL query. i.e... Dim ListOfValues as string = request.querystring("listOfValues")
'Output would be this: 324234,5445,554654,45632,SQL command : Delete From table where product_id IN (@ListOfValues)
cmd.paramaters.addwithvalue("@ListOfValues", ListOfValues )
How can I validate it so that hackers can't add any characters other than 'numbers' and ' , ' to the sql parameter? I have tried to tryparse the 'ListOfValues ' as an integer - by replacing "," with "" but an integer overflow occured. Any questions or ideas? Thanks
View 6 Replies
View Related
Feb 18, 2008
Hi guys, having a bit of trouble with this. Right now my SELECT statement goes a bit like this (I'm using SqlDataSource): "SELECT [Something],[ProductName] FROM [Products] WHERE ProductName LIKE '%SearchBoxInput.text'AND ProductOnSale='true'" at the moment this just takes out my GridView used to display product data completely - which stands to sense because I'm telling it to select something based on user input. I have my textbox and button on the page, but I'm not entirely sure what I need on the button_click event. Also, if I want to start with a GridView full of values that I narrow down via the search instead of starting with nothing, how would I do this? any help would be most appreciated! Using C# btw mander
View 3 Replies
View Related
Jun 4, 2008
I was just thinking about a situation...
Let's say hypothetically, I have a textbox, that i would like someone to input their email address to be added to a mailing list. I would like to first check to see if that email address exists in the database, rather than run a sql statement to check, and then run the update command, is it better to run an IFEXIST() type thing in sql and do the code there?
View 4 Replies
View Related
Feb 2, 2004
I've got a pretty straightforward search/results suite with several possible search parameters on the search page. I've been using an inline SQL server query with logic on the results page as shown below. How do I convert this kind of conditional logic to a stored procedure?
Dim strWhere
strWhere = " WHERE dbo.""User"".UID IS NOT NULL "
If Not request.querystring("EmployerID") = "" Then
strWhere = strWhere & " AND dbo.""User"".EmployerID = '" & replace(request.querystring("EmployerID"),"'","''") & "'"
End If
If Not request.querystring("AccountNumber") = "" Then
strWhere = strWhere & " AND dbo.""User"".AccountNumber = '" & replace(request.querystring("AccountNumber"),"'","''") & "'"
End If
If Not request.querystring("LastName") = "" Then
strWhere = strWhere & " AND dbo.""User"".LastName = '" & replace(request.querystring("LastName"),"'","''") & "'"
End If
If Not request.querystring("FirstName") = "" Then
strWhere = strWhere & " AND dbo.""User"".FirstName = '" & replace(request.querystring("FirstName"),"'","''") & "'"
End If
DBConn = New OleDbConnection(ConfigurationSettings.AppSettings("ConnStr"))
DBCommand = New OleDbDataAdapter _
("SELECT dbo.""User"".*, Convert(varchar(16), dbo.""User"".DateEntered, 101) AS Created, dbo.Employer.CompanyName, dbo.AccessLevel.AccessLevel AS AccessLevelName FROM dbo.""User"" INNER Join dbo.Employer ON dbo.""User"".EmployerID = dbo.Employer.EmployerID INNER JOIN dbo.AccessLevel ON dbo.""User"".AccessLevel = dbo.AccessLevel.AccessLevelID " & strWhere & " ORDER BY " & strSortField,DBConn)
Thanks in advance?
View 3 Replies
View Related
Nov 24, 2004
Hi,
I am new to ASP.NET so pordon me if my questions seems to be stupid.
I was given an assign to develop a ASP that would return results from a SQL server.
The problem is that part of my query to the SQL server comes from the webform
select a.invnum, a.invdate, a.duedate, a.invamt,a.payamt from vpshead a inner join vendors
b on (a.vendnum = b.vendnum) where (a.vendnum = " & user.text & " ) and (b.vendpass = "
& Pass.text & " ) and (a.payflag <> 'V') and ( (a.invamt <> 0) or (a.payamt <> 0) )and (a.chkno = '') order by a.invdate"
As your can tell I am using the user.text and Pass.text in my query which will come from the web form.
I know this is wrong but how else can I do it?
Thanks
View 3 Replies
View Related
Feb 19, 2005
To: All,
well here's a problem that I encountered, i got a textbox that is used to store the Date of Birth of a user. So when user keys in something, it is store as a string. However i wish to convert it into a datetime so that i can store it into my database. Anybody know of a way to help? i've tried countless methods but doesn't seem to work. Please give me a hand guys.... Thanks
From: iaciz
View 2 Replies
View Related
Jun 6, 2006
This is probably a simple question but i am trying to create a simple function thatfilters sql input. Is the following syntax correct?
Public Shared Function SafeSql(ByVal firstName As String, ByVal lastName As String) As String firstName.Replace("'", "''") lastName.Replace("'", "''")
End Function
many thanks
martin
View 7 Replies
View Related
Jun 9, 2006
I'm trying to connect to a sql database, but I don't know what myserver is in the following code.Dim strConn As String = "server=myserver;database=Northwind"I can't get the code to link up with my Northwind database.I'm running everything locally if that helps.Thanks!Jon
View 2 Replies
View Related