Solved

hardcoded values work only and not parameterized values

Posted on 2013-12-04
6
152 Views
Last Modified: 2013-12-11
I finally got my totals for a report to come out by making another select call. However, two of the values provided, which I would like to use parameters, then causes the sql to fail.

see attached file.

1. can I use parametrized values anywhere in a sql query in ado.net or are there limitations.
2. I had to convert the date before total counts were correct.



probably sql errors, can't seem to see the problem.
sql-parameter-problems.docx
0
Comment
Question by:mahpog
  • 5
6 Comments
 
LVL 48

Expert Comment

by:PortletPaul
ID: 39697126
Regarding the date range filter:

There are several "issues" with what you are doing I'm afraid

First thing to note is that you are creating a string (selectsql1) then that string is executed as a query. So the contents of the string must be valid as SQL.

--valid:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between '01/01/2013' and '12/31/2013'  "

--INVALID:
'selectsql1 &= "and convert(varchar(10),convert(datetime,u.entry_dt),101) between @selyear0101 and @selyear1231  "

Open in new window


Your code will be looking for variables with the names @selyear0101 and @selyear1231

Then, there is a bigger SQL issue with the method you have chosen.

You are converting the data (u.entry_dt) to varchar so you can compare that data to 2 variables. This is vastly inefficient and the "wrong way around".

Don't convert the data to suit variables; instead convert the variables to suit the data
(see: http://en.wikipedia.org/wiki/Sargable)

Then, on top of all that, don't use between either :)
You should use the same technique as this previous answer:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/ASP/Q_28309554.html#a39694443

            AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )
           
====
Your document does not indicate how you populate @metric2 so I'm unable to comment on why that isn't working.
0
 

Author Comment

by:mahpog
ID: 39698297
the entry_dt on the table is defined as a char(10) not as a date type.  The reason for going through the convert, otherwise not recognized as a date.  

 AND ( a.entry_dt >= DATEADD(YEAR, (@selyear - 1900), 0)
                        AND   a.entry_dt <  DATEADD(YEAR, (@selyear - 1899), 0)  )

does not work.

@selyear is replaced with '2013' via cmd.addwithvalue parameter

@metric2 = "('14-1'),('15-1"),('31-11'),('31-14')  [displayed on top of report]
0
 

Author Comment

by:mahpog
ID: 39698885
i have reviewed the link about Sargable. I get right totals, if I hardcode values, if I replace with variables, never works. Code below: argh.......

        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES   ('14-1'),('15-1'),('31-11'),('31-14')"
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= 20130101  "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= 20131231  "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Accepted Solution

by:
mahpog earned 0 total points
ID: 39699068
Here is final code that worked.

        ' Define ADO.NET objects.
        Dim selectsql1 As String = "Declare @sprno table (no varchar(10))  "
        selectsql1 &= "INSERT INTO @sprno (no)  "
        selectsql1 &= "VALUES " & Session("MetricList2").ToString() & " "
        selectsql1 &= "select s.no, isnull(count(u.srp_no),0) as ttlcnt "
        selectsql1 &= "from @sprno s  "
        selectsql1 &= "LEFT JOIN asrp_usage u ON u.srp_no = s.no "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) >= '" & Session("yearSelected").ToString() & "0101' "
        selectsql1 &= "AND convert(varchar(10),convert(datetime,u.entry_dt), 112) <= '" & Session("yearSelected").ToString() & "1231' "
        selectsql1 &= "and u.frp_ror = '1' "
        selectsql1 &= "and u.bus_type_gc = 'G' "
        selectsql1 &= "and u.location IN(Select Value FROM fn_Split(@locationlist, ',')) "
        selectsql1 &= "group by s.no "
        selectsql1 &= "order by s.no "


        ' Define the ADO.NET objects.
        Dim con1 As New SqlConnection(connectionString1)
        Dim cmd1 As New SqlCommand(selectsql1, con1)

        ' Add the parameters.
        cmd1.Parameters.AddWithValue("@locationlist", Session("LocationList"))
0
 

Author Comment

by:mahpog
ID: 39701761
resolved.
0
 

Author Closing Comment

by:mahpog
ID: 39710851
came up with solution.  closing.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SQL Server engine let you use a Windows account or a SQL Server account to connect to a SQL Server instance. This can be configured immediatly during the SQL Server installation or after in the Server Authentication section in the Server properties …
Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
Edureka is one of the fastest growing and most effective online learning sites.  We are here to help you succeed.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now