Solved

hardcoded values work only and not parameterized values

Posted on 2013-12-04
6
147 Views
Last Modified: 2013-12-11
I finally got my totals for a report to come out by making another select call. However, two of the values provided, which I would like to use parameters, then causes the sql to fail.

see attached file.

1. can I use parametrized values anywhere in a sql query in ado.net or are there limitations.
2. I had to convert the date before total counts were correct.



probably sql errors, can't seem to see the problem.
sql-parameter-problems.docx
0
Comment
Question by:mahpog
  • 5
6 Comments
 
LVL 48

Expert Comment

by:PortletPaul
Comment Utility
Regarding the date range filter:

There are several "issues" with what you are doing I'm afraid

First thing to note is that you are creating a string (selectsql1) then that string is executed as a query. So the contents of the string must be valid as SQL.

--valid:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between '01/01/2013' and '12/31/2013'  "

--INVALID:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between @selyear0101 and @selyear1231  "

Open in new window


Your code will be looking for variables with the names @selyear0101 and @selyear1231

Then, there is a bigger SQL issue with the method you have chosen.

You are converting the data (u.entry_dt) to varchar so you can compare that data to 2 variables. This is vastly inefficient and the "wrong way around".

Don't convert the data to suit variables; instead convert the variables to suit the data
(see: http://en.wikipedia.org/wiki/Sargable)

Then, on top of all that, don't use between either :)
You should use the same technique as this previous answer:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_28309554.html#a39694443

            AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )
           
====
Your document does not indicate how you populate @metric2 so I'm unable to comment on why that isn't working.
0
 

Author Comment

by:mahpog
Comment Utility
the entry_dt on the table is defined as a char(10) not as a date type.  The reason for going through the convert, otherwise not recognized as a date.  

 AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )

does not work.

@selyear is replaced with '2013' via cmd.addwithvalue parameter

@metric2 = "('14-1'),('15-1"),('31-11'),('31-14')  [displayed on top of report]
0
 

Author Comment

by:mahpog
Comment Utility
i have reviewed the link about Sargable. I get right totals, if I hardcode values, if I replace with variables, never works. Code below: argh.......

        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES   ('14-1'),('15-1'),('31-11'),('31-14')"
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= 20130101  "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= 20131231  "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Accepted Solution

by:
mahpog earned 0 total points
Comment Utility
Here is final code that worked.

        ' Define ADO.NET objects.
        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES " & Session("MetricList2").ToString() & " "
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= '" & Session("yearSelected").ToString() & "0101' "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= '" & Session("yearSelected").ToString() & "1231' "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "


        ' Define the ADO.NET objects.
        Dim con1 As New SqlConnection(connectionString1)
        Dim cmd1 As New SqlCommand(selectsql1, con1)

        ' Add the parameters.
        cmd1.Parameters.AddWithValue("@locationlist", Session("LocationList"))
0
 

Author Comment

by:mahpog
Comment Utility
resolved.
0
 

Author Closing Comment

by:mahpog
Comment Utility
came up with solution.  closing.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now