Click here to Skip to main content
15,900,378 members
Search within:


How to Join StoredProcedure with SQL Query
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET
SQL-Server
From aspx page

C#
sqlcmd = new SqlCommand("select * from [RptAuditCrystal] where EditedBy='" + Session["userid"].ToString() + "' order by " + Request.QueryString["order"].ToString(), sqlcon);
                da = new SqlDataAdapter(sqlcmd);
                dt3.Clear();
                da.Fill(dt3);
                sqlcmd.Dispose();
            

            sqlcmd = new SqlCommand("rpt_closeaudituploaddata";, sqlcon);
            sqlcmd.CommandType = CommandType.StoredProcedure;
            sqlcmd.Parameters.AddWithValue("@AuditPlanId", Request.QueryString["Id"].ToString());
            sqlcmd.Parameters.AddWithValue("@EditedBy", Session["userid"].ToString());
            da = new SqlDataAdapter(sqlcmd);
            dt4.Clear();
            da.Fill(dt4);
            sqlcmd.Parameters.Clear();
            sqlcmd.Dispose();


From SQL Stored Procedure -

SQL
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[rpt_closeaudituploaddata] 
	@AuditPlanId varchar(30)
	,@EditedBy varchar(20)
	
AS

BEGIN TRY
	SET NOCOUNT ON;
	
	delete from RptTemplateData where EditedBy=@EditedBy
	
	Declare @QuestionID varchar(20)
	Declare @TemplateId varchar(20)
	Declare @sql varchar(max)
	Declare @coldata varchar(2000)
	Declare @colname varchar(2000)
	
	DECLARE @PKgetLevelID CURSOR
	SET @PKgetLevelID = CURSOR FOR select distinct TA.QuestionID,MT.TemplateId from TrnsAuditorUploadedData TA left join MstrUploadTemplate MT on MT.UploadId=TA.UploadId where TA.IsActive='Y' and AuditPlanId=@AuditPlanId order by TA.QuestionID
	OPEN @PKgetLevelID
	FETCH NEXT
	FROM @PKgetLevelID INTO @QuestionID,@TemplateId
	WHILE @@FETCH_STATUS = 0
	BEGIN
		
		set @coldata = (select dbo.GetReportTemplate(@TemplateId))
		set @colname = (select dbo.GetReportTemplateColumns(@TemplateId))
		
		set @sql = 'INSERT INTO [dbo].[RptTemplateData] ([QuestionID],[QuestionDesc]
					,[RCol1],[RCol2],[RCol3],[RCol4],[RCol5],[RCol6],[RCol7]
					,[RColName1],[RColName2],[RColName3],[RColName4],[RColName5],[RColName6],[RColName7],[EditedBy]
					,[AuditorRM],[AuditorRMOn],[AuditorRMBy],[AuditeeRMSR],[AuditeeRMSROn],[AuditeeRMSRBy],[AuditeeRMCP],[AuditeeRMCPOn],[AuditeeRMCPBy]) 
					select MQ.QuestionID,MQ.QuestionDesc,' + @coldata + ',' + @colname + ', ''' + @EditedBy + '''
					,[AuditorRM],AuditorRMOn=CONVERT(varchar,CAST([AuditorRMOn] as datetime2(0)),109),[AuditorRMBy]
					,[AuditeeRMSR],AuditeeRMSROn=CONVERT(varchar,CAST([AuditeeRMSROn] as datetime2(0)),109),[AuditeeRMSRBy]
					,[AuditeeRMCP],AuditeeRMCPOn=CONVERT(varchar,CAST([AuditeeRMCPOn] as datetime2(0)),109),[AuditeeRMCPBy] 
					from TrnsAuditorUploadedData TA left join MstrQuestions MQ on MQ.QuestionId=TA.QuestionId 
					where AuditPlanId=''' + @AuditPlanId + ''' and TA.QuestionID=''' + @QuestionID + ''' '
		
		exec (@sql)
			
	FETCH NEXT
	FROM @PKgetLevelID INTO @QuestionID,@TemplateId
	END
	CLOSE @PKgetLevelID
	DEALLOCATE @PKgetLevelID
	
	select * from RptTemplateData where EditedBy=@EditedBy
	
END TRY

BEGIN CATCH
	
	DECLARE @errmsg NVARCHAR(4000)
	DECLARE @errseverity INT
	DECLARE @errstate INT
	
	SELECT @errmsg = ERROR_MESSAGE(), @errseverity = ERROR_SEVERITY(), @errstate = ERROR_STATE()

	RAISERROR(@errmsg, @errseverity, @errstate)

END CATCH




How I can join "dt3" result and "dt4" result in one single DataTable?
Posted
Add a Solution
Comments
ZurdoDev 19-Jan-16 10:43am    
I suggest you create a new stored procedure.
Richard Deeming 19-Jan-16 11:20am    
Your code is vulnerable to SQL Injection[^].

Even worse, you've gone for double SQL Injection - both the stored procedure code and the C# code that calls it are vulnerable.

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

In C# code, use the Parameters collection[^] to pass parameters to the command, as you did in your second block of C# code.

In SQL code, use sp_executesql[^] to execute a parameterized dynamic query.

1 solution

Having text boxes in the query is dangerous. You need to read about Sql Injection[^].

If you want to join the results of the query with the sp, just move the query into the sp.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
sql server queries, storedprocedure, triggers,functions
Problem in SQL Server StoredProcedure
Convert query to storedprocedure
sql join query not working correctly
Sql - merge 2 queries into 1
Theninclude not generating joins
how to overcome Null values in storedprocedure
SQL join query
Avoiding repeating table join for every query
Join query

Advertise
Privacy
Cookies
Terms of Use
Last Updated 19 Jan 2016
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-05-14:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900