|
santoshsan wrote: "SELECT subcat_id,subcat_name FROM temp_subcat WHERE cat_id = 'get_cat' "
get_cat is a long variable, but when i enclose it in ' ' qoutes SQL or ODBC treats it as string and does not uses the value inside it which I wanted to.
You probably need to do something like this:
"SELECT subcat_id,subcat_name FROM temp_subcat WHERE cat_id = " + get_cat
Do keep in mind the SQL injection attacks warning from Colin, though.
Hope this helps.
Chandra Ram
|
|
|
|
|
I tried to create database independant using new feature of visual .net(factories)the problem happen when passing parameters for orcale and sql server the shape of this passed parms differs that will genrate error when passing parameter or i will have to write code for diffrent diffrent database cases & that will be on the contrary of the reason of factories and exisance.
thanks alot
Hassan amaar.
Hassan Amaar
|
|
|
|
|
I think you're maybe missing the point of the factory pattern - in what way do the passed parameters change?
|
|
|
|
|
Thanks alot for yuor replay,
it differs in the the way the prameter are passed for instance when passing aprameter to orcale prvider it will be like this :p + name
for Sqlprovider it will be like this :@ + name
so in this case according to what I understood I will have to create aclass for each data provider.
I will do appreciate if you told if there is better solution,and please give me an example.
Hassan amaar
Hassan Amaar
|
|
|
|
|
Well yes, this is really the idea behind the factory pattern, something like:
DalFactory fact = new DalFactory();
fact.GetDal();
then in the factory class:
GetDal()
{
IDal aDataLayerClass;
switch (source)
{
case "SqlServer":
aDataLayerClass = new SqlServerDal();
break;
case "Oracle":
aDataLayerClass = new OracleDal();
break;
etc...
}
return aDataLayerClass;
}
This means that whatever is calling your data layer, it doesn't matter to them what the datasource is in the background, as they are just dealing with a class like IDal, and you can write provider specific code for each datasource.
|
|
|
|
|
Hi,
In fact they are different :
SQLServer provider : @ + name
Oracle : p + name
OleDB : ? (without a name)
ODBC (i think) : ? (without a name)
Me too i don't know why MS decided to change parameter names with providers. It's as is it and we must deal with that.
There are many other differences :
- Data Types
- Quotes : []in sql and access , "" in Oracle,....
- And Queries are different so use only standard SQL (SQL-92 or SQL-99) to be sure that u don't need to rewrite your application when changing provider.
I think u must create a class for each provider and declare diffrences as variables that u change in each class. I am sure that's the better way.
HTH.
Hayder Marzouk
|
|
|
|
|
Thanks you for your replay
I think what you said is the only way to deal with this case
Hassan Amaar
Hassan Amaar
|
|
|
|
|
Hi Guys,
I had my database for my website in the remote webhost server.But the whole database got deleted suddenly.I could not track from where it happened.Now I am having a new webhost. I would like to give maximum protection, so that the database doesn't get deleted.
Can anybody help me with the necessary steps that has to be taken so that my database is secure.
Thanks
Jith
|
|
|
|
|
Check you application for possibility of injecting sql:
e.g. do you concatenate your sql strings together like
"select * from a where something = " + textbox1.text;
|
|
|
|
|
Hi all!
i have writing an stored procedure in sql server 2005 which are given below ...
Create procedure [dbo].[DGV_UpdateUser]
(
@uId nvarchar(100),
@uName nvarchar(300),
@uEmail nvarchar(300),
@uState nvarchar(300),
@Picture Image
)
AS
BEGIN TRAN
DECLARE @SQL_Query varchar(8000)
IF(EXISTS(SELECT * FROM Users WHERE Uid = @uId))
BEGIN
SET @SQL_Query = 'UPDATE Users SET Name = ''' + @uName + ''', Email = ''' + @uEmail + ''''
IF(@uState IS NOT NULL)
SET @SQL_Query = @SQL_Query + ', State = ' + @uState
IF(@Picture IS NOT NULL)
SET @SQL_Query = @SQL_Query + ', Picture = ' + @Picture
SET @SQL_Query = @SQL_Query + ' WHERE Uid = ''' + @uId + ''''
EXEC(@SQL_Query)
--print @SQL_Query
END
IF(@@error<>0)
ROLLBACK
ELSE
COMMIT
When i press F5 to create this procedure, i have faced following error:-
Msg 402, Level 16, State 1, Procedure DGV_UpdateUser, Line 21
The data types varchar and image are incompatible in the add operator.
----------------------------------------------------------------------
i have try to cast @Picture into Varchar but i have not successed to remove error. Can any one help me?
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
You have DECLARE d @SQL_Query as varchar . All your other variables are defined as nvarchar . Choose one and stick with it.
|
|
|
|
|
Sorry friend! error is still there.
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
So you've changed every varchar to an nvarchar or vice versa? If yes, then it musr be a different error.
|
|
|
|
|
Yes friend! same error is still there. it is because Image data type cann't be implicitly or explicitly converted to string data type. and in in exec() method , parameter should be string. actually i want solution of this problem. if u have any idea[different], then please tell me.
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
Sorry - I misread your query.
You cannot inject an image into a string.
You might want to look at sp_execsql stored procedue - it will help you get the image in. Alternatively, use a number of UPDATE statements inside the transaction so you are not injecting values into the SQL (it also makes your code safer as it is less susceptable to a SQL Injection Attack)
|
|
|
|
|
Thanks You sir!
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
hi all,
I want to query Microsoft Active Directory (Windows Server 2003) from SQL Server. Active Directory data have been stored on remote computer and i want to retrieve those data in SQL Server on local computer.
So how could i achieve this?
|
|
|
|
|
|
That first link doesn't seem to help because i tried those things so many times but that second link which is in french seem to be very useful so please help me transalting it.
Thanks,
Rachit Damani.
|
|
|
|
|
hi everybody
I have 3 tables employe,earning,deductions
table employe
id name
1 shekar
2 vijay
3 mohan
4 kiran
table earning
id desc amt
1 basic 1000
1 hra 850
1 ta 150
2 basic 3000
2 hra 350
2 ta 200
3 basic 4000
3 hra 700
3 ta 100
4 basic 5000
4 hra 600
4 ta 170
table dedu
id desc amt
1 pf 50
1 it 100
1 pt 60
2 pf 50
2 it 100
2 pt 60
3 pf 50
3 it 100
3 pt 60
4 pf 50
4 it 100
4 pt 60
is it possible to get the o/p like this
id name basic hra ta pf it pt
1 shekar 1000 850 150 50 100 60
2 vijay 3000 350 200 50 100 60
...
regards
chandru
|
|
|
|
|
dear chandru,
I strongly recommend you to change the structure of your table....Why not to keep three different fields basic/hra/ta in earning Table And pf/it/pt in the deduction table....
Tirtha
Miles to go before I sleep
|
|
|
|
|
Dear Tirtha,
Why i created in different tables beacuse user can create new fields by his own if any new benfits, deducutions as and when he come across without contacting the developers.
I have diffent table where i hold these field name,formulas e.t.c., where they will enter details of fields & formulas for that fields. and add the field name to the employee id.
I am using sql server 2000
regards
chandru
|
|
|
|
|
You can certainly do this but I agree with another reply for this post to normalize the tables ... In any case you SP should do some thing like this
1. Create Temp table with the required columns
2. Select the required information from all the table using join
3. fill the temp table
4. Select from the temp table
If you are using MS SQL 2005 then there is something like Pivot tables through which you can still achieve the same ...
Regards,
Jaiprakash M Bankolli
jaiprakash.bankolli@gmail.com
|
|
|
|
|
I am a beginner of SQL SERVER 2005 and I need to create a database server to be able to share data in other computers inside and outside of my network. Please show me web pages about this topic. This is one way to learn, beginning to create databases configuring firstly the network. thank you.
SQL SERVER
|
|
|
|
|
Hi
When I view a table withen DataGridView . for eg .. then rows count on the table is 5 rows .. you found at the end of rows on the dataagrid control a balck area with the back color ,,,
Can I make the DatagridView Countinue view it's rows even it is empty ..
I hope that my idea is clear
jooooo
|
|
|
|