Need To Pass User Input Through To SQL Query

May 20, 2008

Hello Everybody,

I am sure this has been asked a thousand times before in a thousand different ways, but here goes...

I am in need of the ability to prompt users for a From Date and To Date to insert into a WHERE clause in SQL queries. What is the easiest least painful way of accomplishing this? A great many of our customers utilized SQL Server Express or MSDE, so they do not have the full gambit of SQL tools handy. Believe me when I say that I have searched high and low across the internet for this solution. I was hoping I might be able to accomplish this through VB Script or J Script. Or, anything reasonable.

Thanks in advance for your time and patience,

Rocky Mountain Tech

View 1 Replies


ADVERTISEMENT

User Input In SQL Query

Nov 24, 2004

Hi,

I am new to ASP.NET so pordon me if my questions seems to be stupid.

I was given an assign to develop a ASP that would return results from a SQL server.

The problem is that part of my query to the SQL server comes from the webform


select a.invnum, a.invdate, a.duedate, a.invamt,a.payamt from vpshead a inner join vendors
b on (a.vendnum = b.vendnum) where (a.vendnum = " & user.text & " ) and (b.vendpass = "
& Pass.text & " ) and (a.payflag <> 'V') and ( (a.invamt <> 0) or (a.payamt <> 0) )and (a.chkno = '') order by a.invdate"



As your can tell I am using the user.text and Pass.text in my query which will come from the web form.

I know this is wrong but how else can I do it?

Thanks

View 3 Replies View Related

How To Get User Input In Query

Nov 30, 2006

I m new to SQL Server. Before this I was using access. In access one can have user inputs easily .. for example

where receivedate=[enter date]



how I can get userinputs in SQL server Query....



Forgive me if it is a dumb question

View 6 Replies View Related

User Input In Query Analyzer

Jul 15, 2004

Hi folks, i am lookin for an option in the QA to take user input while executing a query. just like we do in SQLPLUS:
SELECT * FROM dept WHERE deptno=$abc
here it would ask me for the deptno. I guess it's a very handy feature and we could test our variables and calculations withing the procedures etc.

Is there a way, or any substitute?


Howdy!

View 14 Replies View Related

Running Query From User Input

Jan 11, 2006

I would like to setup a query where the user is firstly prompted to input the information e.g. if they are trying to locate a particular person from a telephone database they would be prompted to enter the surname for that person.

View 4 Replies View Related

Query Database User Input From ListBox

Jan 25, 2006

I have a problem selecting fields from a table where fields are equal to user input from a listbox. example
listbox of zip codes:
33023[red]22300[/red]39844[red]29339[/red]23883[red]38228[/red]
user wants to retreive highlight zip codes from database.connection working perfect.Thank you for your help.
 
        

View 2 Replies View Related

Pass User Name As A Parameter In A Query

May 13, 2007

just getting started with my first db driven web project...
I am using a MySql database with membership and roles and got that working fine. I have tables containing details of courses that users are enrolled on etc. and want to display a list of courses for the user that is signed in, so he can continue lessons on the one of his choice.
How do I pass the users name to the database query for a DataList control. So far I have tried lots of variations of the following:
<asp:SqlDataSource ID="dsCourses" runat="server" ConnectionString="<%$ ConnectionStrings:xxx %>"    ProviderName="<%$ ConnectionStrings:xxx.ProviderName %>"    SelectCommand="SELECT c.CourseName FROM courses c, enrolments e        WHERE c.CourseID=e.CourseID AND e.Username='<% =User.Identity.Name %>'"></asp:SqlDataSource>
<asp:DataList ID="DataList1" runat="server" DataSourceID="dsCourses">    <ItemTemplate>        <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="Lesson.aspx">'<%# Eval("CourseName") %>'</asp:HyperLink><br />    </ItemTemplate></asp:DataList>&nbsp;</p>
However, the <% =User.Identity.Name %> doesn't work here (but it does elsewhere on the page) - not sure why?? The code works fine if I hard code a user name into the select statement.
Suggestions pleeeeeese!!
 

View 1 Replies View Related

How To Pass A Input Value To A Script Using Osql

Dec 2, 2004

I want to run a sql script that creates some views using "osql". The views in turn refer to user defined functions which need a two-part name reference(MyUser.MyFunction). Is there a way to do this without hardcoding the value of the "MyUser" in the script?

Example..

I want to run a script called myscript.sql using OSQL. The file myscript.sql looks like this..

CREATE view V1
AS
SELECT *, UserOwner1.MyFunction1(5)
FROM MyTable
go

CREATE view V11111
AS
SELECT *, UserOwner1.ScalarFunction11111(7)
FROM MyTable
go

-----

I do not want to hardcode the username (UserOwner1) since it varies from database to database. So when I run this script from command prompt using "osql" I want the ability to supply the value for the username (UserOwner1) which owns the user defined function. How to do this?

This problem would go away if SQLServer 2000 was not so adamant about requiring two part reference to a user defined function.

Thanks!

View 4 Replies View Related

Pass Datasource Name As Input Parameter

Feb 23, 2007

hi,

how to pass Datasource Name as input parameter from command propmt to rdl file in sql server 2005?

Thanks,

shanthi

View 3 Replies View Related

SQLCMD - How Do I Pass Parameter At Dos Command Line To Input File?

Mar 23, 2007

I am not sure if this has been asked before but I couldn't find any thread talking about this.

Let's say we have a parameter in the .sql input file called @Start_Date, how can we pass the value of a particular date, for example, "02-28-2007" to @Start_Date via SQLCMD? is it possible?

I'm trying to skip the need to write a simple windows application...if things can be achieved via dos command line, that will keep everything simple!

thanks! :)

View 3 Replies View Related

User Input

Aug 14, 2002

Hi all,
Can anyone tell me about how to prompt a user to type when running a sql statement through query analyzer.
thanks
Jay

View 1 Replies View Related

User Input

Apr 23, 2008

I have created a query that has a "When" and an "And" function.

I know need to make the query run on user input, i want it to ask for the date, then name to run the query

View 2 Replies View Related

User Input With Sql...

Nov 1, 2006

Afternoon...
I have a database for a pretend dvd hire company and need to create a query that uses user input as part of the query.

Ie, select * from dvd where actor = 'Tom Cruise';

The 'Tom Cruise' part of the query needs to be user input every time the query is ran... Can you help?

Many thanks in advance!?

View 14 Replies View Related

User Input

May 14, 2007

Is it possible to allow user input via a Reporting Services Report? What I mean is could a report be created that would allow someone using the report to enter a number that would be written to the SQL database?

View 1 Replies View Related

User Input - SQL Paramaters

Dec 18, 2007

 Hi, Just wondering if I could make sure that "hackers" don't tamper with my querystring - which is a parameter for a SQL query. i.e...  Dim ListOfValues as string = request.querystring("listOfValues")

'Output would be this: 324234,5445,554654,45632,SQL command :  Delete From table where product_id IN (@ListOfValues)

cmd.paramaters.addwithvalue("@ListOfValues", ListOfValues ) 



How can I validate it so that hackers can't add any characters other than 'numbers' and ' , ' to the sql parameter? I have tried to tryparse the 'ListOfValues ' as an integer - by replacing "," with "" but an integer overflow occured. Any questions or ideas? Thanks   

View 6 Replies View Related

User Input Conversion

Feb 19, 2005

To: All,

well here's a problem that I encountered, i got a textbox that is used to store the Date of Birth of a user. So when user keys in something, it is store as a string. However i wish to convert it into a datetime so that i can store it into my database. Anybody know of a way to help? i've tried countless methods but doesn't seem to work. Please give me a hand guys.... Thanks

From: iaciz

View 2 Replies View Related

User Input Data In T-sql

Aug 20, 2005

Hi there

I want to give dynamic input to the t-sql code in sql analyzer.how do i do that....

Like adding 2 numbers

declare @a integer,@b integer,@c integer
--I dont want to give like this
--set @a = 5
--set @b = 10
set @c = @a + @b

can anyone help me with this

regards
Vic

Vicky

View 3 Replies View Related

Need To Get Input In Parameter From End User

May 24, 2007

Hi,

I am trying to make a simple stored procedure which I want to take input on every run from end user:

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
declare @sku varchar(20)

insert into skua (sku,SumOfQtyNum)
(select sku,sumofqtynum from sku where @sku = sku.sku)

it is working but not asking parameter values

(I want to use passthrough query after that in Access)
thanks




AA

View 2 Replies View Related

User Input In SQL2000

Jul 23, 2005

Hello. I'm using SQL query analyzer to run some queries against anSQL2000 DB. Unfortunately, my previous SQL experience is some OralceSQL I took in school.To put it simply, I'm trying to write a query to pull records thatmatch a variable input. In Oracle, I'd use a substitution variablelike this...SELECT * FROM jobs WHERE jobid = &job_id_to_query;Is this possible under SQL2000? Is this only a feature of SQL*Plus?TIARich

View 8 Replies View Related

Pull Between 2 Dates From User Input

Feb 14, 2007

 I want to pull dates from my database that are between to set dates i have written a query that does this which looks like this:
"SELECT OCH_ID, empno, Selected_OCD, Start_Time, End_Time, Selected_OCDay, Selected_DOM, Selected_Month, Selected_Year FROM dbo.ICT_On_Call_Hours                           WHERE (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) >= CONVERT (datetime, LEFT ('12/02/2007', 2) + '/' + SUBSTRING('12/02/2007', 4, 2) + '/' + RIGHT ('12/02/2007', 4))) AND (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) < CONVERT (datetime, LEFT ('14/02/2007', 2) + '/' + SUBSTRING('14/02/2007', 4, 2) + '/' + RIGHT ('14/02/2007', 4)))"
This works when the dates are included in the statement but when i try and use parameters to pull them in like this:
"SELECT OCH_ID, empno, Selected_OCD, Start_Time, End_Time, Selected_OCDay, Selected_DOM, Selected_Month, Selected_Year FROM dbo.ICT_On_Call_Hours                           WHERE (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) >= CONVERT (datetime, LEFT ('@Choice1', 2) + '/' + SUBSTRING('@Choice1', 4, 2) + '/' + RIGHT ('@Choice1', 4))) AND (CONVERT (datetime, LEFT (Selected_OCD, 2) + '/' + SUBSTRING(Selected_OCD, 4, 2) + '/' + RIGHT (Selected_OCD, 4)) < CONVERT (datetime, LEFT ('@Choice2', 2) + '/' + SUBSTRING('@Choice2', 4, 2) + '/' + RIGHT ('@Choice2', 4)))"
I then recieve the following error message why is this?
ERROR ------------------->  Syntax error converting datetime from character string.
Any Help would be greatly appreciated thanks

View 2 Replies View Related

Search Based On User Input

Jul 25, 2007

I have a search page that allows users to type/select values contined within the entry they're looking for. My SELECT statement returns columns in a table that get compared to the user input. So if someone selected Status (Open) then all of the 'Open' Request entries should populate the search page. How do I phrase the SELECT statement to compare values if the user gives them, but ignore the fields where no data was input when it's searching? So a search where no values were entered would return every Request Entry instead of an error; no entry.
Thanks!

View 2 Replies View Related

Code To Chage User's Input:123, 234 To '123','234'

May 3, 2008

I need to convert user's input to SQL statement.
How to code to chage user's input:123, 234 to '123','234'

View 4 Replies View Related

How To Update Values From The User Input?

Jun 2, 2008

Hi I have a table(tblA) as follows

Col1--------------col2---------col3-----col4
London------------1131---------299------Barking
Didicot-----------3451---------429------Dansdon
Barking/ASton-----1131---------345------Singleton
Vander/ADon/cam---3907---------299------derby
Null or Blank ---1131---------423------Addington

Expecting the Data should display look like below

London------------1131---------299------Barking
Didicot-----------3451---------429------Dansdon
Barking/ASton-----1131---------345------Singleton
Vander/ADon/cam---3907---------299------derby

But when user change the col2 value (1131) to 113999, this should be changed to all values where col2 is 1131. Please Help

View 2 Replies View Related

Get Newest Input For Each User From Table

Nov 20, 2014

I dont know how to get the newest input for each user from one single table.

Should be a very simple task but i cant work it out.

The table looks like this:

ID (A_I), userID, ip, date(timestamp)

Here is a SQL Fiddle Link with some data also: [URL] ....

I have tried a lot querys like this one:

SELECT userID, ip FROM userips GROUP BY userID ORDER BY ID DESC

But this one does not give me the latest ip which was entered by a user.

View 2 Replies View Related

User Input During Report Generation.

Nov 30, 2007



Hello,

I'm trying to do something simple that has turned out to be a frustrating problem. I have a field in my report that needs to be populated by user input. Based on this user input, I will use the field in a calculation. The simple solution to me, was to create a custom assembly that has a function that uses Console.Write("Input Data") and Console.readline() to assign the input to a string, and then return that string to the report. This works fine in a test console application, but when I copy and paste the code to my custom assembly, it returns #Error to the report. I've debugged, and found that when I hit F10 on Console.Write("test"); it skips right over it, and nothing happens. It also skips over Console.readline(); with nothing happening. This makes me unable to take the user input and set the textbox equal to that value.

Am I doing this completely wrong? Is there something I'm missing, or just not understanding correcly? It seems like reporting services has to have this option. I'd really appreciate some advice. Thanks!

-Paul

View 3 Replies View Related

Pass Output Of A Function To Another Function As Input

Jan 7, 2014

I need to be able to pass the output of a function to another function as input, where all functions involved are user-defined in-line table-valued functions. I already posted this on Stack Exchange, so here is a link to the relevant code: [URL] ...

I am fairly certain OUTER APPLY is the core answer here; there's *clearly* some way in which does *not* do what I need, or I would not get the null output you see in the link, but it seems clear that there should be a way to fool it into working.

View 5 Replies View Related

How To Pass The Privileges From One User To Another?

May 22, 2008



hi,
I created a View,like the following:
Create View viewSecure
as select * from sales.customer
go
Grant select on viewSecure to Andrew
go
Exec as login='Andrew'
Select * from viewSecure
go
Revert
go
Alter Authorization On viewSecure to Jerry
go
Exec as login='Jerry'
Select * from viewSecure
go
but, I received the error 'SELECT permission denied on object 'Customer', database 'AdventureWorks', schema 'Sales'.
Meanwhile, I re-granted Select Privilege to Andrew, I got the same error.
I know Alter Authorization command means to change the owner of an object. I got 3 questions need your help.
1. An user owned an object, if he may have no any privileges to this object?
2.Why I got the same error after re-granted Select privilege to Andrew?
3.How to pass privileges from one user to another?

Thanks a lot.

View 15 Replies View Related

Dynamic WHERE Operator Based On User Input

Oct 17, 2007

Let's say I have a table with 3 fields: an ID field (primary key, set as an id field, etc.), a Name field (nvarchar50), and an Age field (int). I have a form that has three elements:
DropDownList1: This drop down list contains 3 choices- "=", ">", and "<".
Age: This text box is where someone would enter a number.
Button1: This is the form's submit button.
I want someone to be able to search the database for entries where the Age is either equal to ("="), greater than (">"), or less than ("<") whatever number they enter into TextBox1.
The code-behind is shown below. The part I'm confused about is that if I load this page, the query works the -first- time. Then, if I try to change the parameters in the form and submit it, I get the following error:
"The variable name '@Age' has already been declared. Variable names must be unique within a query batch or stored procedure."
Any help would be appreciated.
Here is what I'm using in my code behind:
    protected void Button1_Click(object sender, EventArgs e)    {        System.Text.StringBuilder sb = new System.Text.StringBuilder();        sb.Append("SELECT * FROM People WHERE Age ");        switch (DropDownList1.SelectedValue)        {            case "=":                sb.Append("= ");                break;            case ">":                sb.Append("> ");                break;            case "<":                sb.Append("< ");                break;        }        sb.Append("@Age");        SqlDataSource1.SelectCommand = sb.ToString();        SqlDataSource1.SelectParameters.Add("Age", TypeCode.Int32, Age.Text);    }

View 7 Replies View Related

Using User Input As Part Of A SELECT Statement

Jun 16, 2004

I know this is an easy one and I know I've read it somewhere, but I can't seem to write the correct format to run correctly. I am trying to build a SELECT statement base on the selected values of a dropdown list on a webform. The selected values will be part of the Table name.. ("client_info" & location_option.selecteditem.value) Can someone show me the correct syntax for adding a form variable into a SELECT statement? Thanks

View 1 Replies View Related

How Can I Enter A User Input Into 2 Tables Simultanously?

Oct 25, 2004

I'm running asp.net on an XP machine with MSDE 2000 as the database. I want to create a user table with a userid and password. I have a second table that contains details about the user such as home address and phone number etc. When the user first signs up, I want their userid to go into the user table and the user detail table. In my SQL insert command, I can't get @userId to go into both tables. So my question is how do I get the userID to go into both tables or is there a better way of doing this altogether?

Thanks,
Tom

View 1 Replies View Related

Date Range Select - User Input

Jul 15, 2014

I have a table has following fields(Process, datestart,dateend,datedue,,,,)

Process datestart dateend ...
A 14.07.2017 20.07.2014
B 15.07.2014 21.07.2014
C 24.07.2014 30.07.2014

What i want when user enters from date and end date. i want to filter records which are fallen between those two input dates.

if user enters 17.07.2014 and 20.07.2014 as input range. query should show only A and B process as
A 14.07.2017 20.07.2014
B 15.07.2014 21.07.2014

View 3 Replies View Related

How To Update User Input Data Into Sql Server

May 28, 2007

hi ,
i am new to this.
how should i update the user input values into sql server database?
i am using asp.net and c#
FIELDS are-
userId,
name,
description,
startTime,
endTime,
audiencePassword,
presenterPassword

i know it must be simple...but i haven't worked on this before.


Jaimin

View 3 Replies View Related

Error Message For Wrong User Input

Mar 4, 2008

how can i make a customized error message for a wrong input of parameters?

let's say i have a parameter which requires user input of companyID and it should compose of all numbers only. if not followed an error message will be prompted to the user... "please enter numbers only..." or something like that...

please... just wondering if its possible...

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved