Solved

hardcoded values work only and not parameterized values

Posted on 2013-12-04
6
155 Views
Last Modified: 2013-12-11
I finally got my totals for a report to come out by making another select call. However, two of the values provided, which I would like to use parameters, then causes the sql to fail.

see attached file.

1. can I use parametrized values anywhere in a sql query in ado.net or are there limitations.
2. I had to convert the date before total counts were correct.



probably sql errors, can't seem to see the problem.
sql-parameter-problems.docx
0
Comment
Question by:mahpog
  • 5
6 Comments
 
LVL 48

Expert Comment

by:PortletPaul
ID: 39697126
Regarding the date range filter:

There are several "issues" with what you are doing I'm afraid

First thing to note is that you are creating a string (selectsql1) then that string is executed as a query. So the contents of the string must be valid as SQL.

--valid:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between '01/01/2013' and '12/31/2013'  "

--INVALID:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between @selyear0101 and @selyear1231  "

Open in new window


Your code will be looking for variables with the names @selyear0101 and @selyear1231

Then, there is a bigger SQL issue with the method you have chosen.

You are converting the data (u.entry_dt) to varchar so you can compare that data to 2 variables. This is vastly inefficient and the "wrong way around".

Don't convert the data to suit variables; instead convert the variables to suit the data
(see: http://en.wikipedia.org/wiki/Sargable)

Then, on top of all that, don't use between either :)
You should use the same technique as this previous answer:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_28309554.html#a39694443

            AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )
           
====
Your document does not indicate how you populate @metric2 so I'm unable to comment on why that isn't working.
0
 

Author Comment

by:mahpog
ID: 39698297
the entry_dt on the table is defined as a char(10) not as a date type.  The reason for going through the convert, otherwise not recognized as a date.  

 AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )

does not work.

@selyear is replaced with '2013' via cmd.addwithvalue parameter

@metric2 = "('14-1'),('15-1"),('31-11'),('31-14')  [displayed on top of report]
0
 

Author Comment

by:mahpog
ID: 39698885
i have reviewed the link about Sargable. I get right totals, if I hardcode values, if I replace with variables, never works. Code below: argh.......

        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES   ('14-1'),('15-1'),('31-11'),('31-14')"
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= 20130101  "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= 20131231  "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Accepted Solution

by:
mahpog earned 0 total points
ID: 39699068
Here is final code that worked.

        ' Define ADO.NET objects.
        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES " & Session("MetricList2").ToString() & " "
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= '" & Session("yearSelected").ToString() & "0101' "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= '" & Session("yearSelected").ToString() & "1231' "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "


        ' Define the ADO.NET objects.
        Dim con1 As New SqlConnection(connectionString1)
        Dim cmd1 As New SqlCommand(selectsql1, con1)

        ' Add the parameters.
        cmd1.Parameters.AddWithValue("@locationlist", Session("LocationList"))
0
 

Author Comment

by:mahpog
ID: 39701761
resolved.
0
 

Author Closing Comment

by:mahpog
ID: 39710851
came up with solution.  closing.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SQL Server engine let you use a Windows account or a SQL Server account to connect to a SQL Server instance. This can be configured immediatly during the SQL Server installation or after in the Server Authentication section in the Server properties …
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question