I am sure this has been asked a thousand times before in a thousand different ways, but here goes...
I am in need of the ability to prompt users for a From Date and To Date to insert into a WHERE clause in SQL queries. What is the easiest least painful way of accomplishing this? A great many of our customers utilized SQL Server Express or MSDE, so they do not have the full gambit of SQL tools handy. Believe me when I say that I have searched high and low across the internet for this solution. I was hoping I might be able to accomplish this through VB Script or J Script. Or, anything reasonable.
I am new to ASP.NET so pordon me if my questions seems to be stupid.
I was given an assign to develop a ASP that would return results from a SQL server.
The problem is that part of my query to the SQL server comes from the webform
select a.invnum, a.invdate, a.duedate, a.invamt,a.payamt from vpshead a inner join vendors b on (a.vendnum = b.vendnum) where (a.vendnum = " & user.text & " ) and (b.vendpass = " & Pass.text & " ) and (a.payflag <> 'V') and ( (a.invamt <> 0) or (a.payamt <> 0) )and (a.chkno = '') order by a.invdate"
As your can tell I am using the user.text and Pass.text in my query which will come from the web form.
Hi folks, i am lookin for an option in the QA to take user input while executing a query. just like we do in SQLPLUS: SELECT * FROM dept WHERE deptno=$abc here it would ask me for the deptno. I guess it's a very handy feature and we could test our variables and calculations withing the procedures etc.
I would like to setup a query where the user is firstly prompted to input the information e.g. if they are trying to locate a particular person from a telephone database they would be prompted to enter the surname for that person.
I have a problem selecting fields from a table where fields are equal to user input from a listbox. example listbox of zip codes: 33023[red]22300[/red]39844[red]29339[/red]23883[red]38228[/red] user wants to retreive highlight zip codes from database.connection working perfect.Thank you for your help.
just getting started with my first db driven web project... I am using a MySql database with membership and roles and got that working fine. I have tables containing details of courses that users are enrolled on etc. and want to display a list of courses for the user that is signed in, so he can continue lessons on the one of his choice. How do I pass the users name to the database query for a DataList control. So far I have tried lots of variations of the following: <asp:SqlDataSource ID="dsCourses" runat="server" ConnectionString="<%$ ConnectionStrings:xxx %>" ProviderName="<%$ ConnectionStrings:xxx.ProviderName %>" SelectCommand="SELECT c.CourseName FROM courses c, enrolments e WHERE c.CourseID=e.CourseID AND e.Username='<% =User.Identity.Name %>'"></asp:SqlDataSource> <asp:DataList ID="DataList1" runat="server" DataSourceID="dsCourses"> <ItemTemplate> <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="Lesson.aspx">'<%# Eval("CourseName") %>'</asp:HyperLink><br /> </ItemTemplate></asp:DataList> </p> However, the <% =User.Identity.Name %> doesn't work here (but it does elsewhere on the page) - not sure why?? The code works fine if I hard code a user name into the select statement. Suggestions pleeeeeese!!
I want to run a sql script that creates some views using "osql". The views in turn refer to user defined functions which need a two-part name reference(MyUser.MyFunction). Is there a way to do this without hardcoding the value of the "MyUser" in the script?
Example..
I want to run a script called myscript.sql using OSQL. The file myscript.sql looks like this..
CREATE view V1 AS SELECT *, UserOwner1.MyFunction1(5) FROM MyTable go
CREATE view V11111 AS SELECT *, UserOwner1.ScalarFunction11111(7) FROM MyTable go
-----
I do not want to hardcode the username (UserOwner1) since it varies from database to database. So when I run this script from command prompt using "osql" I want the ability to supply the value for the username (UserOwner1) which owns the user defined function. How to do this?
This problem would go away if SQLServer 2000 was not so adamant about requiring two part reference to a user defined function.
I am not sure if this has been asked before but I couldn't find any thread talking about this.
Let's say we have a parameter in the .sql input file called @Start_Date, how can we pass the value of a particular date, for example, "02-28-2007" to @Start_Date via SQLCMD? is it possible?
I'm trying to skip the need to write a simple windows application...if things can be achieved via dos command line, that will keep everything simple!
Is it possible to allow user input via a Reporting Services Report? What I mean is could a report be created that would allow someone using the report to enter a number that would be written to the SQL database?
Hi, Just wondering if I could make sure that "hackers" don't tamper with my querystring - which is a parameter for a SQL query. i.e... Dim ListOfValues as string = request.querystring("listOfValues")
'Output would be this: 324234,5445,554654,45632,SQL command : Delete From table where product_id IN (@ListOfValues)
How can I validate it so that hackers can't add any characters other than 'numbers' and ' , ' to the sql parameter? I have tried to tryparse the 'ListOfValues ' as an integer - by replacing "," with "" but an integer overflow occured. Any questions or ideas? Thanks
well here's a problem that I encountered, i got a textbox that is used to store the Date of Birth of a user. So when user keys in something, it is store as a string. However i wish to convert it into a datetime so that i can store it into my database. Anybody know of a way to help? i've tried countless methods but doesn't seem to work. Please give me a hand guys.... Thanks
Hello. I'm using SQL query analyzer to run some queries against anSQL2000 DB. Unfortunately, my previous SQL experience is some OralceSQL I took in school.To put it simply, I'm trying to write a query to pull records thatmatch a variable input. In Oracle, I'd use a substitution variablelike this...SELECT * FROM jobs WHERE jobid = &job_id_to_query;Is this possible under SQL2000? Is this only a feature of SQL*Plus?TIARich
I want to pull dates from my database that are between to set dates i have written a query that does this which looks like this: "SELECT OCH_ID, empno, Selected_OCD, Start_Time, End_Time, Selected_OCDay, Selected_DOM, Selected_Month, Selected_Year FROM dbo.ICT_On_Call_Hours WHERE (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) >= CONVERT (datetime, LEFT ('12/02/2007', 2) + '/' + SUBSTRING('12/02/2007', 4, 2) + '/' + RIGHT ('12/02/2007', 4))) AND (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) < CONVERT (datetime, LEFT ('14/02/2007', 2) + '/' + SUBSTRING('14/02/2007', 4, 2) + '/' + RIGHT ('14/02/2007', 4)))" This works when the dates are included in the statement but when i try and use parameters to pull them in like this: "SELECT OCH_ID, empno, Selected_OCD, Start_Time, End_Time, Selected_OCDay, Selected_DOM, Selected_Month, Selected_Year FROM dbo.ICT_On_Call_Hours WHERE (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) >= CONVERT (datetime, LEFT ('@Choice1', 2) + '/' + SUBSTRING('@Choice1', 4, 2) + '/' + RIGHT ('@Choice1', 4))) AND (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) < CONVERT (datetime, LEFT ('@Choice2', 2) + '/' + SUBSTRING('@Choice2', 4, 2) + '/' + RIGHT ('@Choice2', 4)))" I then recieve the following error message why is this? ERROR -------------------> Syntax error converting datetime from character string. Any Help would be greatly appreciated thanks
I have a search page that allows users to type/select values contined within the entry they're looking for. My SELECT statement returns columns in a table that get compared to the user input. So if someone selected Status (Open) then all of the 'Open' Request entries should populate the search page. How do I phrase the SELECT statement to compare values if the user gives them, but ignore the fields where no data was input when it's searching? So a search where no values were entered would return every Request Entry instead of an error; no entry. Thanks!
I'm trying to do something simple that has turned out to be a frustrating problem. I have a field in my report that needs to be populated by user input. Based on this user input, I will use the field in a calculation. The simple solution to me, was to create a custom assembly that has a function that uses Console.Write("Input Data") and Console.readline() to assign the input to a string, and then return that string to the report. This works fine in a test console application, but when I copy and paste the code to my custom assembly, it returns #Error to the report. I've debugged, and found that when I hit F10 on Console.Write("test"); it skips right over it, and nothing happens. It also skips over Console.readline(); with nothing happening. This makes me unable to take the user input and set the textbox equal to that value.
Am I doing this completely wrong? Is there something I'm missing, or just not understanding correcly? It seems like reporting services has to have this option. I'd really appreciate some advice. Thanks!
I need to be able to pass the output of a function to another function as input, where all functions involved are user-defined in-line table-valued functions. I already posted this on Stack Exchange, so here is a link to the relevant code: [URL] ...
I am fairly certain OUTER APPLY is the core answer here; there's *clearly* some way in which does *not* do what I need, or I would not get the null output you see in the link, but it seems clear that there should be a way to fool it into working.
hi, I created a View,like the following: Create View viewSecure as select * from sales.customer go Grant select on viewSecure to Andrew go Exec as login='Andrew' Select * from viewSecure go Revert go Alter Authorization On viewSecure to Jerry go Exec as login='Jerry' Select * from viewSecure go but, I received the error 'SELECT permission denied on object 'Customer', database 'AdventureWorks', schema 'Sales'. Meanwhile, I re-granted Select Privilege to Andrew, I got the same error. I know Alter Authorization command means to change the owner of an object. I got 3 questions need your help. 1. An user owned an object, if he may have no any privileges to this object? 2.Why I got the same error after re-granted Select privilege to Andrew? 3.How to pass privileges from one user to another?
Let's say I have a table with 3 fields: an ID field (primary key, set as an id field, etc.), a Name field (nvarchar50), and an Age field (int). I have a form that has three elements: DropDownList1: This drop down list contains 3 choices- "=", ">", and "<". Age: This text box is where someone would enter a number. Button1: This is the form's submit button. I want someone to be able to search the database for entries where the Age is either equal to ("="), greater than (">"), or less than ("<") whatever number they enter into TextBox1. The code-behind is shown below. The part I'm confused about is that if I load this page, the query works the -first- time. Then, if I try to change the parameters in the form and submit it, I get the following error: "The variable name '@Age' has already been declared. Variable names must be unique within a query batch or stored procedure." Any help would be appreciated. Here is what I'm using in my code behind: protected void Button1_Click(object sender, EventArgs e) { System.Text.StringBuilder sb = new System.Text.StringBuilder(); sb.Append("SELECT * FROM People WHERE Age "); switch (DropDownList1.SelectedValue) { case "=": sb.Append("= "); break; case ">": sb.Append("> "); break; case "<": sb.Append("< "); break; } sb.Append("@Age"); SqlDataSource1.SelectCommand = sb.ToString(); SqlDataSource1.SelectParameters.Add("Age", TypeCode.Int32, Age.Text); }
I know this is an easy one and I know I've read it somewhere, but I can't seem to write the correct format to run correctly. I am trying to build a SELECT statement base on the selected values of a dropdown list on a webform. The selected values will be part of the Table name.. ("client_info" & location_option.selecteditem.value) Can someone show me the correct syntax for adding a form variable into a SELECT statement? Thanks
I'm running asp.net on an XP machine with MSDE 2000 as the database. I want to create a user table with a userid and password. I have a second table that contains details about the user such as home address and phone number etc. When the user first signs up, I want their userid to go into the user table and the user detail table. In my SQL insert command, I can't get @userId to go into both tables. So my question is how do I get the userID to go into both tables or is there a better way of doing this altogether?
hi , i am new to this. how should i update the user input values into sql server database? i am using asp.net and c# FIELDS are- userId, name, description, startTime, endTime, audiencePassword, presenterPassword
i know it must be simple...but i haven't worked on this before.
how can i make a customized error message for a wrong input of parameters?
let's say i have a parameter which requires user input of companyID and it should compose of all numbers only. if not followed an error message will be prompted to the user... "please enter numbers only..." or something like that...
