
Re: Writing a query ...




The message you are replying to and its parents are listed in the reverse order with the most recent posts first. This might not be the whole discussion thread.


Bob Barrows 25 Jul 2009 15:01
> Thank you for your reply Evertjan!
>
[quoted text clipped - 14 lines]
>
> End If

Aside from using dynamic sql, there is nothing wrong with this. Other ways
of doing it will decrease the amount of code, but will lead to less
efficient queries. There are some good articles here:
http://www.sommarskog.se/ - read the one about dynamic search conditions
(and then read the one about dynamic sql)

Here is my canned reply about dynamic sql:

Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

See these links for a better, more secure way to execute your queries by
using parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Using Command object to parameterize CommandText:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Select statement:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/b3d322b882a604bd

Personally, I prefer using stored procedures,
http://groups.google.com/group/microsoft.public.inetserver.asp.general/msg/5d3c9d4409dc1701?hl=en
&

Signature

Microsoft MVP - ASP/ASP.NET - 2004-2007
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


bcap 25 Jul 2009 14:40
Thank you for your reply Evertjan!

I am using SQL Server with ASP Classic.  This is not a school project
(though I want to take some classes), I am an IT Project Manager trying
to learn code and modify existing projects.  Here is what the query
currently looks like, it gets the job done.  I want to learn and
understand if this process can be done better.

if request.querystring("StatusDisplay")="" then

strSql = " SELECT CustID, FName, LName, SubLevel FROM CustInfo"

Else

strSql = " SELECT CustID, FName, LName, SubLevel FROM CustInfo WHERE SubLevel=" & request.querystring("sublevel")

End If
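
The query from the post above, rewritten with a parameter marker as Bob Barrows's reply recommends. This is an added example, not code posted by anyone in the thread. It assumes SubLevel is an integer column and keys the filter on the "sublevel" query-string value only; the connection string is a placeholder.

```vbscript
<%
Option Explicit
' Added example. Assumptions: SubLevel is an integer column, and the
' connection string below is a placeholder for your own server/database.
Const adCmdText = 1, adInteger = 3, adParamInput = 1

Dim strConn, cn, cmd, rs, strSql, subLevel
strConn = "Provider=SQLOLEDB;Data Source=YOUR_SERVER;" & _
          "Initial Catalog=YOUR_DB;Integrated Security=SSPI;"

subLevel = Trim(Request.QueryString("sublevel"))

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open strConn

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = adCmdText

' Case 1: no filter supplied, return every customer.
strSql = "SELECT CustID, FName, LName, SubLevel FROM CustInfo"

If subLevel <> "" Then
    ' Case 2: filter supplied. Reject anything that is not a number,
    ' then pass the value as a typed parameter. The SQL text only ever
    ' contains the "?" marker, never the user's input.
    If Not IsNumeric(subLevel) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    strSql = strSql & " WHERE SubLevel = ?"
    cmd.Parameters.Append _
        cmd.CreateParameter("@SubLevel", adInteger, adParamInput, , CLng(subLevel))
End If

cmd.CommandText = strSql
Set rs = cmd.Execute

If rs.EOF Then
    ' Case 3: the query ran but matched nothing.
    Response.Write "No records found."
Else
    Do Until rs.EOF
        Response.Write Server.HTMLEncode(rs("FName") & " " & rs("LName")) & "<br>"
        rs.MoveNext
    Loop
End If

rs.Close : cn.Close
%>
```

A value such as `1 OR 1=1` is rejected by the numeric check, and even a value that passed it would reach SQL Server as data bound to the parameter, not as query text.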

Evertjan. 25 Jul 2009 14:23
bcap wrote on 25 jul 2009 in microsoft.public.inetserver.asp.general:

> I am looking to write a piece of code better.

Better than what?

Show us your code, only the essence please.

> Let's say I have a table called CustInfo with CustID, FirstName,
> LastName, and Subscription Level for simplicity.

No, let us hear what engine you are using.

> How can I create a query that I would be able to:
>
> 1)  Get all records no matter what subscription level they are in
> 2)  Choose only records that have a selected status types
> 3)  Declare that there are no records

Is this a school assignment?
Did you read some of the many SQL tutorials?

> Currently, I am using two queries (one that just selects all, another
> that needs a parameter) and making a decision based on if there is a
> status type.  

What is a "status type"?

> I'd like to learn a more efficient way to do this.  Any
> advice would be appreciated!

Learning is not letting someone else do the task!

Signature

Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)


bcap 25 Jul 2009 13:37
Hi,

I am looking to write a piece of code better.

Let's say I have a table called CustInfo with CustID, FirstName,
LastName, and Subscription Level for simplicity.

How can I create a query that I would be able to:

1)  Get all records no matter what subscription level they are in
2)  Choose only records that have a selected status types
3)  Declare that there are no records

Currently, I am using two queries (one that just selects all, another
that needs a parameter) and making a decision based on if there is a
status type.  I'd like to learn a more efficient way to do this.  Any
advice would be appreciated!

©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.