Solved

Sql Stored Procedure

Posted on 2016-11-07
26
55 Views
Last Modified: 2016-11-08
Hello,

I have stored procedure which select fields from Table1 ,the need is that if one of the parameter is present it should search from table2 .
The SP is
ALTER PROCEDURE  [dbo].[M_Select_table1]
  

      @RequestedBy Nvarchar(255)=null,  @AuthBy Nvarchar(50)=null,  @Date1 VARCHAR(50) =null, @Date2 VARCHAR(50) =null,@Time VARCHAR(20) = NULL ,@PickUpTime VARCHAR(20) =				  NULL ,@PatientName Nvarchar(MAX)=null,
	  @Ref Nvarchar(50)=null ,@Auth Nvarchar(50)=null,@PickUpAddress Nvarchar(50)=null,@Address Nvarchar(50)=null ,@Comments Nvarchar(MAX)=null,
	  @Interpreter Nvarchar(50)=null,@CarRequest Nvarchar(50)=null,@SpecialInstructions Nvarchar(MAX)=null ,@FaxAuth Nvarchar(50)=null ,
	  @MReportRecieved Nvarchar(50)=null,@EnteredBy Nvarchar(MAX)=null ,@Attachments Nvarchar(50)	=null ,
	  @Title Nvarchar(10)= null ,@FaxNumber Nvarchar(50)=null ,@Attn Nvarchar(50)=null,@DoctorClinic Nvarchar(50)=null,@Year_Ref1 VARCHAR(8) =null,
	  @Year_Ref2 VARCHAR(8) =null,@table1 _UID  Nvarchar(MAX)=null

	  
         
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;  
	
    DECLARE @SQL NVARCHAR(MAX)
    SET @SQL = 'SELECT cast(Ref as int) as Ref,RequestedBy,AuthBy,Date,Time,PickUpTime,PatientName,Auth,PickUpAddress,DoctorClinic,Address,Comments,Interpreter,CarRequest,
				SpecialInstructions,FaxAuth,MReportRecieved,EnteredBy,Attachments,Title,FaxNumber,Attn,table1_UID 
				FROM table1 WHERE ( DeleteRecord is null or DeleteRecord = 0)  '   
	
	   --IF  @Date <> ''
    --        SET @SQL = @SQL + '   AND DATE = ''' + CAST(@Date AS VARCHAR(20))  + '''' 	 

	    IF @Date1  <> '' AND @Date2  <> ''
		      SET @SQL =@SQL+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''		  
	    ELSE IF  @Date1  <> ''
			  SET @SQL = @SQL+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''	
		Else IF @Date2  <> ''
			   SET @SQL = @SQL+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''
	   IF  @PickUpTime <> ''
             SET @SQL = @SQL + '  AND CAST(PickUpTime AS Time) = ''' + @PickUpTime + ''''
       IF  @PatientName <> '' 	       
			 SET @SQL = @SQL + '  AND PatientName LIKE  ''%' + CAST(@PatientName AS  Nvarchar(MAX)) +  '%'''
       IF  @PickUpAddress <> ''
             SET @SQL = @SQL + '  AND PickUpAddress LIKE ''%'+ CAST(@PickUpAddress AS  Nvarchar(50)) + '%'''
	   IF  @AuthBy  <> ''
             SET @SQL = @SQL + '  AND AuthBy = ''' +  CAST(@AuthBy AS NVARCHAR(50))+ ''''
	  IF  @Time <> ''
             SET @SQL = @SQL + '  AND CAST(Time AS Time) = ''' + @Time + ''''
	   IF  @Ref  <> ''
             SET @SQL = @SQL + '  AND Ref = ''' + CAST(@Ref  AS  Nvarchar(50))  + '''' 	 		
	   IF  @Auth   <> ''       
	         SET @SQL = @SQL + '  AND Auth  LIKE  ''%'+ CAST(@Auth  AS  Nvarchar(50)) + '%'''			 		
	   IF  @RequestedBy  <> ''       
	         SET @SQL = @SQL + '  AND RequestedBy = ''' +  CAST(@RequestedBy AS NVARCHAR(50))+ ''''
   	   IF  @DoctorClinic  <> ''
             SET @SQL = @SQL + '  AND DoctorClinic LIKE ''%'+ CAST(@DoctorClinic AS NVARCHAR(50)) + '%'''
	   IF  @Address   <> ''
             SET @SQL = @SQL + '  AND Address LIKE ''%'+ CAST(@Address AS NVARCHAR(50)) + '%'''
       IF  @Comments   <> ''
             SET @SQL = @SQL + '  AND Comments LIKE ''%'+ CAST(@Comments AS NVARCHAR(max)) + '%'''
	   IF  @Interpreter  <> ''
             SET @SQL = @SQL + '  AND  Interpreter LIKE ''%'+ CAST(@Interpreter AS NVARCHAR(50)) + '%'''
       IF  @CarRequest   <> ''
             SET @SQL = @SQL + '  AND  CarRequest LIKE ''%'+ CAST(@CarRequest AS NVARCHAR(50)) + '%'''
       IF  @SpecialInstructions  <> ''
             SET @SQL = @SQL + '  AND  SpecialInstructions LIKE ''%'+ CAST(@SpecialInstructions AS NVARCHAR(max)) + '%'''
       IF  @FaxAuth   <> ''
             SET @SQL = @SQL + '  AND  FaxAuth LIKE ''%'+ CAST(@FaxAuth AS NVARCHAR(50)) + '%'''
	   IF  @MReportRecieved  <> ''
             SET @SQL = @SQL + '  AND  MReportRecieved LIKE ''%'+ CAST(@MReportRecieved AS NVARCHAR(50)) + '%'''
	   IF  @EnteredBy <> ''
             SET @SQL = @SQL + '  AND  EnteredBy  LIKE ''%'+ CAST(@EnteredBy AS NVARCHAR(max)) + '%'''
	   IF  @Attachments <> ''
             SET @SQL = @SQL + '  AND  Attachments LIKE ''%'+ CAST(@Attachments AS NVARCHAR(50)) + '%'''
	   IF  @Title <> ''
             SET @SQL = @SQL + '  AND  Title  LIKE ''%'+ CAST(@Title AS NVARCHAR(10)) + '%'''
	   IF  @FaxNumber <> ''
             SET @SQL = @SQL + '  AND  FaxNumber LIKE ''%'+ CAST(@FaxNumber AS NVARCHAR(50)) + '%'''    
	   IF  @Attn <> ''
             SET @SQL = @SQL + '  AND  Attn LIKE  ''%'+ CAST(@Attn AS NVARCHAR(50)) + '%'''   
    
		IF @Year_Ref1  <> '' AND @Year_Ref2  <> ''
		      SET @SQL =@SQL+ '   AND Year_Ref >= ' + CAST(@Year_Ref1  AS VARCHAR(8))  + 'and Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8))  			  
	    ELSE IF  @Year_Ref1  <> ''
			  SET @SQL = @SQL+ '   AND  Year_Ref >=  ' + CAST(@Year_Ref1  AS VARCHAR(8))  
		Else IF @Year_Ref2  <> ''
			   SET @SQL = @SQL+ '  AND  Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8)) 
			  
     




----	A period of time --> WHERE date >= @date1 and date <= @date2 (you will to receive two parameters for the date period (min and max dates).

----Before than ---> WHERE date < @date
----Later than --> WHERE date > @date

	   SET @SQL = @SQL + 'ORDER BY Ref Asc'	
	   SET @SQL = @SQL 

       EXECUTE (@SQL)
	   INSERT INTO M_DEBUG(SQL) VALUES (@SQL)
	   
	  --Print @SQL
	 

Open in new window


Now, if faxAuth is present then the search query should be

if faxAuth is <> '' then

  SET @SQL = 'SELECT cast(Ref as int) as Ref,dBy,AuthBy,Date
                        FROM table2 WHERE ( DeleteRecord is null or DeleteRecord = 0)  '  

How can i achieve this

Cheers
0
Comment
Question by:RIAS
  • 17
  • 8
26 Comments
 
LVL 48

Accepted Solution

by:
Vitor Montalvão earned 500 total points
ID: 41877044
Use a variable for SELECT, another one for FROM and another one for the WHERE clause.
This way you can built each part of the query separately and perform the validations that you need:
ALTER PROCEDURE  [dbo].[M_Select_table1]
  
      @RequestedBy Nvarchar(255)=null,  @AuthBy Nvarchar(50)=null,  @Date1 VARCHAR(50) =null, @Date2 VARCHAR(50) =null,@Time VARCHAR(20) = NULL ,@PickUpTime VARCHAR(20) =NULL ,@PatientName Nvarchar(MAX)=null,
	  @Ref Nvarchar(50)=null ,@Auth Nvarchar(50)=null,@PickUpAddress Nvarchar(50)=null,@Address Nvarchar(50)=null ,@Comments Nvarchar(MAX)=null,
	  @Interpreter Nvarchar(50)=null,@CarRequest Nvarchar(50)=null,@SpecialInstructions Nvarchar(MAX)=null ,@FaxAuth Nvarchar(50)=null ,
	  @MReportRecieved Nvarchar(50)=null,@EnteredBy Nvarchar(MAX)=null ,@Attachments Nvarchar(50)	=null ,
	  @Title Nvarchar(10)= null ,@FaxNumber Nvarchar(50)=null ,@Attn Nvarchar(50)=null,@DoctorClinic Nvarchar(50)=null,@Year_Ref1 VARCHAR(8) =null,
	  @Year_Ref2 VARCHAR(8) =null,@table1 _UID  Nvarchar(MAX)=null
         
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;  
	
    DECLARE @SQL NVARCHAR(MAX)
	DECLARE @Where NVARCHAR(MAX)=''
	DECLARE @From NVARCHAR(MAX)=''
    SET @SQL = 'SELECT cast(Ref as int) as Ref,RequestedBy,AuthBy,Date,Time,PickUpTime,PatientName,Auth,PickUpAddress,DoctorClinic,Address,Comments,Interpreter,CarRequest,
				SpecialInstructions,FaxAuth,MReportRecieved,EnteredBy,Attachments,Title,FaxNumber,Attn,table1_UID '
	
	   --IF  @Date <> ''
    --        SET @SQL = @SQL + '   AND DATE = ''' + CAST(@Date AS VARCHAR(20))  + '''' 	 

	    IF @Date1  <> '' AND @Date2  <> ''
		      SET @Where =@Where+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''		  
	    ELSE IF  @Date1  <> ''
			  SET @Where = @Where+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''	
		Else IF @Date2  <> ''
			   SET @Where = @Where+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''
	   IF  @PickUpTime <> ''
             SET @Where = @Where + '  AND CAST(PickUpTime AS Time) = ''' + @PickUpTime + ''''
       IF  @PatientName <> '' 	       
			 SET @Where = @Where + '  AND PatientName LIKE  ''%' + CAST(@PatientName AS  Nvarchar(MAX)) +  '%'''
       IF  @PickUpAddress <> ''
             SET @Where = @Where + '  AND PickUpAddress LIKE ''%'+ CAST(@PickUpAddress AS  Nvarchar(50)) + '%'''
	   IF  @AuthBy  <> ''
             SET @Where = @Where + '  AND AuthBy = ''' +  CAST(@AuthBy AS NVARCHAR(50))+ ''''
	  IF  @Time <> ''
             SET @Where = @Where + '  AND CAST(Time AS Time) = ''' + @Time + ''''
	   IF  @Ref  <> ''
             SET @Where = @Where + '  AND Ref = ''' + CAST(@Ref  AS  Nvarchar(50))  + '''' 	 		
	   IF  @Auth   <> ''       
	         SET @Where = @Where + '  AND Auth  LIKE  ''%'+ CAST(@Auth  AS  Nvarchar(50)) + '%'''			 		
	   IF  @RequestedBy  <> ''       
	         SET @Where = @Where + '  AND RequestedBy = ''' +  CAST(@RequestedBy AS NVARCHAR(50))+ ''''
   	   IF  @DoctorClinic  <> ''
             SET @Where = @Where + '  AND DoctorClinic LIKE ''%'+ CAST(@DoctorClinic AS NVARCHAR(50)) + '%'''
	   IF  @Address   <> ''
             SET @Where = @Where + '  AND Address LIKE ''%'+ CAST(@Address AS NVARCHAR(50)) + '%'''
       IF  @Comments   <> ''
             SET @Where = @Where + '  AND Comments LIKE ''%'+ CAST(@Comments AS NVARCHAR(max)) + '%'''
	   IF  @Interpreter  <> ''
             SET @Where = @Where + '  AND  Interpreter LIKE ''%'+ CAST(@Interpreter AS NVARCHAR(50)) + '%'''
       IF  @CarRequest   <> ''
             SET @Where = @Where + '  AND  CarRequest LIKE ''%'+ CAST(@CarRequest AS NVARCHAR(50)) + '%'''
       IF  @SpecialInstructions  <> ''
             SET @Where = @Where + '  AND  SpecialInstructions LIKE ''%'+ CAST(@SpecialInstructions AS NVARCHAR(max)) + '%'''
       IF  @FaxAuth   <> ''
             SET @Where = @Where + '  AND  FaxAuth LIKE ''%'+ CAST(@FaxAuth AS NVARCHAR(50)) + '%'''
	   IF  @MReportRecieved  <> ''
             SET @Where = @Where + '  AND  MReportRecieved LIKE ''%'+ CAST(@MReportRecieved AS NVARCHAR(50)) + '%'''
	   IF  @EnteredBy <> ''
             SET @Where = @Where + '  AND  EnteredBy  LIKE ''%'+ CAST(@EnteredBy AS NVARCHAR(max)) + '%'''
	   IF  @Attachments <> ''
             SET @Where = @Where + '  AND  Attachments LIKE ''%'+ CAST(@Attachments AS NVARCHAR(50)) + '%'''
	   IF  @Title <> ''
             SET @Where = @Where + '  AND  Title  LIKE ''%'+ CAST(@Title AS NVARCHAR(10)) + '%'''
	   IF  @FaxNumber <> ''
             SET @Where = @Where + '  AND  FaxNumber LIKE ''%'+ CAST(@FaxNumber AS NVARCHAR(50)) + '%'''    
	   IF  @Attn <> ''
             SET @Where = @Where + '  AND  Attn LIKE  ''%'+ CAST(@Attn AS NVARCHAR(50)) + '%'''   
    
		IF @Year_Ref1  <> '' AND @Year_Ref2  <> ''
		      SET @Where =@Where+ '   AND Year_Ref >= ' + CAST(@Year_Ref1  AS VARCHAR(8))  + 'and Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8))  			  
	    ELSE IF  @Year_Ref1  <> ''
			  SET @Where = @Where+ '   AND  Year_Ref >=  ' + CAST(@Year_Ref1  AS VARCHAR(8))  
		Else IF @Year_Ref2  <> ''
			   SET @Where = @Where+ '  AND  Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8)) 
			  
     
		IF @Where=''
			BEGIN
				SET @From = ' FROM table2 '
				SET @Where = 'WHERE ( DeleteRecord is null or DeleteRecord = 0) ' + @Where
			END
		ELSE
			BEGIN
				SET @From = ' FROM table1 '
				SET @Where = 'WHERE ( DeleteRecord is null or DeleteRecord = 0)'
			END



----	A period of time --> WHERE date >= @date1 and date <= @date2 (you will to receive two parameters for the date period (min and max dates).

----Before than ---> WHERE date < @date
----Later than --> WHERE date > @date

	   SET @SQL = @SQL + @From + @Where + ' ORDER BY Ref Asc'	

       EXECUTE (@SQL)
       INSERT INTO M_DEBUG(SQL) VALUES (@SQL)
	   
	  --Print @SQL

Open in new window

1
 

Author Comment

by:RIAS
ID: 41877048
ThanksVitor,
Will try and get right back
0
 
LVL 33

Expert Comment

by:ste5an
ID: 41877069
And use sp_executesql. Your current code allows SQL injection. E.g. what happens when you search for patient named O'Neill?

Also use exact data types and use a parameter test, which does not depend on your unknown connection settings (SET ANSI_NULLS ON|OFF). E.g.

DECLARE @CarRequest NVARCHAR(255) = NULL;

SET ANSI_NULLS OFF;
SELECT  CASE WHEN @CarRequest <> '' THEN '<>""'
             ELSE '??'
        END ,
        CASE WHEN ISNULL(@CarRequest, '') <> '' THEN '<>""'
             ELSE '??'
        END;

SET ANSI_NULLS ON;
SELECT  CASE WHEN @CarRequest <> '' THEN '<>""'
             ELSE '??'
        END ,
        CASE WHEN ISNULL(@CarRequest, '') <> '' THEN '<>""'
             ELSE '??'
        END;

Open in new window


Use ISNULL(@CarRequest, '') <> '' to test for non-empty strings. And depending on your input a LTRIM(RTRIM(input_variable) should be considered.
1
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Closing Comment

by:RIAS
ID: 41877198
Cheers mate!
0
 

Author Comment

by:RIAS
ID: 41877244
Vitor,

It does not work quite right.

When faxAuth is present it should have a query like :

SELECT * FROM
CORRESPONDENCE b LEFT JOIN DIARY a ON a.REF = b.REF
where  a.FaxAuth = 'Yes'

Any suggestion.
0
 

Author Comment

by:RIAS
ID: 41877248
Stored procedure is
ALTER  PROCEDURE  [dbo].[M_Select_Correspondence]
  

   
         
      @FaxLetterMemo Nvarchar(255)=null,  @Date1 VARCHAR(50) =null, @Date2 VARCHAR(50),@To nvarchar(255) = NULL ,@Regarding nvarchar(255) = NULL,
         @Ref Nvarchar(50) ,@Auth Nvarchar(50)=null,@SentBy Nvarchar(255)=null,@Attachments Nvarchar(255)=null,  
      @FaxNo Nvarchar(50)=null ,@Attn Nvarchar(50)=null,@FaxAuth Nvarchar(50)=null,@Year_Ref1 VARCHAR(8) =null,
         @Year_Ref2 VARCHAR(8) =null,@Correspondence_UID  Nvarchar(MAX)=null

         
AS
BEGIN
       -- SET NOCOUNT ON added to prevent extra result sets from
       -- interfering with SELECT statements.
       SET NOCOUNT ON;  
       
    DECLARE @SQL NVARCHAR(MAX)

       SET @SQL = 'SELECT [Date], cast(Ref as int) as Ref,Auth,FaxAuth,Attachments,FaxNo,Attn,FaxLetterMemo,[To],[Regarding],[SentBy],Correspondence_UID                     
                           FROM CORRESPONDENCE WHERE ( DeleteRecord is null or DeleteRecord = 0) '       
       
        IF @Date1  <> '' AND @Date2  <> ''
                   SET @SQL =@SQL+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
           ELSE IF  @Date1  <> ''
                     SET @SQL = @SQL+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
              Else IF @Date2  <> ''
                     SET @SQL = @SQL+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       
          IF  @Ref  <> ''
             SET @SQL = @SQL + '  AND Ref = ''' + CAST(@Ref  AS  Nvarchar(50))  + ''''    
          IF  @Auth   <> ''       
             --SET @SQL = @SQL + '  AND Auth = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''
                   SET @SQL = @SQL + '  AND LTRIM(RTRIM(Auth)) = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''                         
          IF  @FaxAuth <> ''
             SET @SQL = @SQL + '  AND FaxAuth LIKE ''' + CAST(@FaxAuth AS VARCHAR(255)) + ''''          
          IF  @Attachments <> ''
             SET @SQL = @SQL + '  AND  Attachments LIKE ''%'+ CAST(@Attachments AS NVARCHAR(255)) + '%''' 
          IF  @To <> ''
             SET @SQL = @SQL + '  AND  [To] LIKE ''%'+ CAST(@To AS NVARCHAR(255)) + '%'''                      
          IF  @Regarding <> ''
             SET @SQL = @SQL + '  AND  [Regarding] LIKE ''%'+ CAST(@Regarding AS NVARCHAR(255)) + '%'''                   
          IF  @SentBy <> ''
             SET @SQL = @SQL + '  AND  [SentBy] = '+'''' + CAST(@SentBy  AS VARCHAR(50))+''''   
          IF  @FaxNo <> ''
             SET @SQL = @SQL + '  AND  FaxNo LIKE ''%'+ CAST(@FaxNo AS NVARCHAR(255)) + '%'''    
          IF  @Attn <> ''
             SET @SQL = @SQL + '  AND  Attn LIKE  ''%'+ CAST(@Attn AS NVARCHAR(255)) + '%'''   
          IF  @FaxLetterMemo <> ''
             SET @SQL = @SQL + '  AND  FaxLetterMemo  = ''' +  CAST(@FaxLetterMemo AS NVARCHAR(255))+ ''''     
    
    
          IF @Year_Ref1  <> '' AND @Year_Ref2  <> ''
                    SET @SQL =@SQL+ '   AND Year_Ref >= ' + CAST(@Year_Ref1  AS VARCHAR(8))  + 'and Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8))                        
           ELSE IF  @Year_Ref1  <> ''
                       SET @SQL = @SQL+ '   AND  Year_Ref >=  ' + CAST(@Year_Ref1  AS VARCHAR(8))  
              Else IF @Year_Ref2  <> ''
                        SET @SQL = @SQL+ '  AND  Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8)) 
                       
     




----   A period of time --> WHERE date >= @date1 and date <= @date2 (you will to receive two parameters for the date period (min and max dates).

----Before than ---> WHERE date < @date
----Later than --> WHERE date > @date

          SET @SQL = @SQL + 'ORDER BY Ref Asc'         
          SET @SQL = @SQL 

       EXECUTE (@SQL)
          INSERT INTO M_DEBUG(SQL) VALUES (@SQL)
          
         --Print @SQL
       

Open in new window

0
 

Author Comment

by:RIAS
ID: 41877253
The requirement was if faxAuth = 'Yes'  then

SELECT * FROM
CORRESPONDENCE b LEFT JOIN DIARY a ON a.REF = b.REF
where  a.FaxAuth = 'Yes'  and  
  IF @Date1  <> '' AND @Date2  <> ''
                   SET @SQL =@SQL+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''              
           ELSE IF  @Date1  <> ''
                     SET @SQL = @SQL+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''      
              Else IF @Date2  <> ''
                     SET @SQL = @SQL+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''      

Cheers!
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877262
When faxAuth is present it should have a query like :
Is this a new requirement? I can see by the SELECT that you're not using table1 nor table2.
Also you're referencing an "a" table that looks like is missing in your SELECT.
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877278
The requirement was if faxAuth = 'Yes'  then
Ohh, missed that. I will review the code and back to you asap.
0
 

Author Comment

by:RIAS
ID: 41877288
Hey thanks Vitor,
Please ignore the SP I posted in my first post. The later one is correct.
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877302
Please ignore the SP I posted in my first post. The later one is correct.
Ok but still missing table "a".
Also the date validation is only true for this exception (faxAuth = 'Yes'  )?
0
 

Author Comment

by:RIAS
ID: 41877307
ALTER  PROCEDURE  [dbo].[M_Select_Correspondence]
  

   
         
      @FaxLetterMemo Nvarchar(255)=null,  @Date1 VARCHAR(50) =null, @Date2 VARCHAR(50),@To nvarchar(255) = NULL ,@Regarding nvarchar(255) = NULL,
         @Ref Nvarchar(50) ,@Auth Nvarchar(50)=null,@SentBy Nvarchar(255)=null,@Attachments Nvarchar(255)=null,  
      @FaxNo Nvarchar(50)=null ,@Attn Nvarchar(50)=null,@FaxAuth Nvarchar(50)=null,@Year_Ref1 VARCHAR(8) =null,
         @Year_Ref2 VARCHAR(8) =null,@Correspondence_UID  Nvarchar(MAX)=null

         
AS
BEGIN
       -- SET NOCOUNT ON added to prevent extra result sets from
       -- interfering with SELECT statements.
       SET NOCOUNT ON;  
       
    DECLARE @SQL NVARCHAR(MAX)

       SET @SQL = 'SELECT [Date], cast(Ref as int) as Ref,Auth,FaxAuth,Attachments,FaxNo,Attn,FaxLetterMemo,[To],[Regarding],[SentBy],Correspondence_UID                     
                           FROM CORRESPONDENCE WHERE ( DeleteRecord is null or DeleteRecord = 0) '       
       
        IF @Date1  <> '' AND @Date2  <> ''
                   SET @SQL =@SQL+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
           ELSE IF  @Date1  <> ''
                     SET @SQL = @SQL+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
              Else IF @Date2  <> ''
                     SET @SQL = @SQL+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       
          IF  @Ref  <> ''
             SET @SQL = @SQL + '  AND Ref = ''' + CAST(@Ref  AS  Nvarchar(50))  + ''''    
          IF  @Auth   <> ''       
             --SET @SQL = @SQL + '  AND Auth = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''
                   SET @SQL = @SQL + '  AND LTRIM(RTRIM(Auth)) = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''                         
          IF  @FaxAuth <> ''
             SET @SQL = @SQL + '  AND FaxAuth LIKE ''' + CAST(@FaxAuth AS VARCHAR(255)) + ''''          
          IF  @Attachments <> ''
             SET @SQL = @SQL + '  AND  Attachments LIKE ''%'+ CAST(@Attachments AS NVARCHAR(255)) + '%''' 
          IF  @To <> ''
             SET @SQL = @SQL + '  AND  [To] LIKE ''%'+ CAST(@To AS NVARCHAR(255)) + '%'''                      
          IF  @Regarding <> ''
             SET @SQL = @SQL + '  AND  [Regarding] LIKE ''%'+ CAST(@Regarding AS NVARCHAR(255)) + '%'''                   
          IF  @SentBy <> ''
             SET @SQL = @SQL + '  AND  [SentBy] = '+'''' + CAST(@SentBy  AS VARCHAR(50))+''''   
          IF  @FaxNo <> ''
             SET @SQL = @SQL + '  AND  FaxNo LIKE ''%'+ CAST(@FaxNo AS NVARCHAR(255)) + '%'''    
          IF  @Attn <> ''
             SET @SQL = @SQL + '  AND  Attn LIKE  ''%'+ CAST(@Attn AS NVARCHAR(255)) + '%'''   
          IF  @FaxLetterMemo <> ''
             SET @SQL = @SQL + '  AND  FaxLetterMemo  = ''' +  CAST(@FaxLetterMemo AS NVARCHAR(255))+ ''''     
    
    
          IF @Year_Ref1  <> '' AND @Year_Ref2  <> ''
                    SET @SQL =@SQL+ '   AND Year_Ref >= ' + CAST(@Year_Ref1  AS VARCHAR(8))  + 'and Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8))                        
           ELSE IF  @Year_Ref1  <> ''
                       SET @SQL = @SQL+ '   AND  Year_Ref >=  ' + CAST(@Year_Ref1  AS VARCHAR(8))  
              Else IF @Year_Ref2  <> ''
                        SET @SQL = @SQL+ '  AND  Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8)) 
                       
     




----   A period of time --> WHERE date >= @date1 and date <= @date2 (you will to receive two parameters for the date period (min and max dates).

----Before than ---> WHERE date < @date
----Later than --> WHERE date > @date

          SET @SQL = @SQL + 'ORDER BY Ref Asc'         
          SET @SQL = @SQL 

       EXECUTE (@SQL)
          INSERT INTO M_DEBUG(SQL) VALUES (@SQL)
          
         --Print @SQL
       

Open in new window

0
 

Author Comment

by:RIAS
ID: 41877310
This one is the correct Sp.

yes,the validation is for faxAuth ='yes' and also consider the dates as parameter for filteration of the rows which have faxauth 'yes'.

Date and faxauth are the common columns between the two tables.
0
 

Author Comment

by:RIAS
ID: 41877323
Thank you so much mate!
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877329
Try this version:
ALTER  PROCEDURE  [dbo].[M_Select_Correspondence] 
         
      @FaxLetterMemo Nvarchar(255)=null,  @Date1 VARCHAR(50) =null, @Date2 VARCHAR(50),@To nvarchar(255) = NULL ,@Regarding nvarchar(255) = NULL,
      @Ref Nvarchar(50) ,@Auth Nvarchar(50)=null,@SentBy Nvarchar(255)=null,@Attachments Nvarchar(255)=null,  
      @FaxNo Nvarchar(50)=null ,@Attn Nvarchar(50)=null,@FaxAuth Nvarchar(50)=null,@Year_Ref1 VARCHAR(8) =null,
      @Year_Ref2 VARCHAR(8) =null,@Correspondence_UID  Nvarchar(MAX)=null
         
AS
BEGIN
       -- SET NOCOUNT ON added to prevent extra result sets from
       -- interfering with SELECT statements.
	SET NOCOUNT ON;  
       
    DECLARE @SQL NVARCHAR(MAX)

	IF  @FaxAuth   <> ''
	BEGIN
		SET @SQL = 'SELECT * 
					FROM CORRESPONDENCE b 
						LEFT JOIN DIARY a ON a.REF = b.REF
					WHERE a.FaxAuth = ''Yes'''  
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '  AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '  AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
					SET @SQL = @SQL+ ' AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       

	END

	ELSE
	BEGIN
		SET @SQL = 'SELECT [Date], cast(Ref as int) as Ref,Auth,FaxAuth,Attachments,FaxNo,Attn,FaxLetterMemo,[To],[Regarding],[SentBy],Correspondence_UID                     
					FROM CORRESPONDENCE 
					WHERE (DeleteRecord is null or DeleteRecord = 0) '       
       
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '   AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '   AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
				SET @SQL = @SQL+ '  AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       
          
		IF  @Ref  <> ''
			SET @SQL = @SQL + '  AND Ref = ''' + CAST(@Ref  AS  Nvarchar(50))  + ''''    

		IF  @Auth   <> ''       
			--SET @SQL = @SQL + '  AND Auth = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''
			SET @SQL = @SQL + '  AND LTRIM(RTRIM(Auth)) = ''' +  CAST(@Auth AS NVARCHAR(50))+ ''''                         
          
		IF  @FaxAuth <> ''
			SET @SQL = @SQL + '  AND FaxAuth LIKE ''' + CAST(@FaxAuth AS VARCHAR(255)) + ''''          
          
		IF  @Attachments <> ''
			SET @SQL = @SQL + '  AND  Attachments LIKE ''%'+ CAST(@Attachments AS NVARCHAR(255)) + '%''' 
          
		IF  @To <> ''
			SET @SQL = @SQL + '  AND  [To] LIKE ''%'+ CAST(@To AS NVARCHAR(255)) + '%'''                      
          
		IF  @Regarding <> ''
			SET @SQL = @SQL + '  AND  [Regarding] LIKE ''%'+ CAST(@Regarding AS NVARCHAR(255)) + '%'''                   
          
		IF  @SentBy <> ''
			SET @SQL = @SQL + '  AND  [SentBy] = '+'''' + CAST(@SentBy  AS VARCHAR(50))+''''   
          
		IF  @FaxNo <> ''
			SET @SQL = @SQL + '  AND  FaxNo LIKE ''%'+ CAST(@FaxNo AS NVARCHAR(255)) + '%'''    
          
		IF  @Attn <> ''
			SET @SQL = @SQL + '  AND  Attn LIKE  ''%'+ CAST(@Attn AS NVARCHAR(255)) + '%'''   
          
		IF  @FaxLetterMemo <> ''
			SET @SQL = @SQL + '  AND  FaxLetterMemo  = ''' +  CAST(@FaxLetterMemo AS NVARCHAR(255))+ ''''     
    
		IF @Year_Ref1  <> '' AND @Year_Ref2  <> ''
			SET @SQL =@SQL+ '   AND Year_Ref >= ' + CAST(@Year_Ref1  AS VARCHAR(8))  + 'and Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8))                        
		ELSE IF  @Year_Ref1  <> ''
				SET @SQL = @SQL+ '   AND  Year_Ref >=  ' + CAST(@Year_Ref1  AS VARCHAR(8))  
			Else IF @Year_Ref2  <> ''
					SET @SQL = @SQL+ '  AND  Year_Ref <= ' + CAST(@Year_Ref2  AS VARCHAR(8)) 
                       

	----A period of time --> WHERE date >= @date1 and date <= @date2 (you will to receive two parameters for the date period (min and max dates).
	----Before than ---> WHERE date < @date
	----Later than --> WHERE date > @date

		SET @SQL = @SQL + 'ORDER BY Ref Asc'         
	END
	
	EXECUTE (@SQL)
    INSERT INTO M_DEBUG(SQL) VALUES (@SQL)
          
	--Print @SQL

Open in new window

1
 

Author Comment

by:RIAS
ID: 41877335
trying mate...
0
 

Author Comment

by:RIAS
ID: 41877337
Thanks,
When I give date criteria , it says ambiguous column name Date ?
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877340
When I give date criteria , it says ambiguous column name Date ?
"Date and faxauth are the common columns between the two tables. "

Looks like you'll need to provide the table alias so the engine knows from which table it needs to perform the filter.
0
 

Author Comment

by:RIAS
ID: 41877343
How do i do it?
0
 

Author Comment

by:RIAS
ID: 41877349
Tryimng this :

IF  @FaxAuth   <> ''
	BEGIN
		SET @SQL = 'SELECT b.[Date], cast(b.Ref as int) as b.Ref,b.Auth,b.FaxAuth,b.Attachments,b.FaxNo,b.Attn,b.FaxLetterMemo,b.[To],b.[Regarding],b.[SentBy],b.Correspondence_UID    
					FROM CORRESPONDENCE b 
						LEFT JOIN DIARY a ON a.REF = b.REF
					WHERE a.FaxAuth = ''Yes'''  
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '  AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '  AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
					SET @SQL = @SQL+ ' AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       

	END

Open in new window

0
 

Author Comment

by:RIAS
ID: 41877359
Vitor ,

This worked

	SET @SQL = 'SELECT   b.[Date], cast(b.Ref as int) as Ref,b.Auth,b.FaxAuth,b.Attachments,b.FaxNo,b.Attn,b.FaxLetterMemo,b.[To],b.[Regarding],b.[SentBy],b.Correspondence_UID    
					FROM CORRESPONDENCE b 
						LEFT JOIN DIARY a ON a.REF = b.REF
					WHERE a.FaxAuth = ''Yes'''  
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '  AND b.Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and b.Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '  AND  b.Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
					SET @SQL = @SQL+ ' AND  b.Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       

Open in new window

0
 

Author Comment

by:RIAS
ID: 41877362
Really can't thank you enough! Genius!
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877368
Good that you've worked it out :)
Cheers
0
 

Author Comment

by:RIAS
ID: 41877370
Vitor,

Only the thing is multiple identical  rows are displayed where as it should be only one .
0
 
LVL 48

Expert Comment

by:Vitor Montalvão
ID: 41877392
This means your JOIN doesn't restrict to single records. You'll need to work it out or add a GROUP BY clause:
IF  @FaxAuth   <> ''
	BEGIN
		SET @SQL = 'SELECT b.[Date], cast(b.Ref as int) as Ref,b.Auth,b.FaxAuth,b.Attachments,b.FaxNo,b.Attn,b.FaxLetterMemo,b.[To],b.[Regarding],b.[SentBy],b.Correspondence_UID    
					FROM CORRESPONDENCE b 
						LEFT JOIN DIARY a ON a.REF = b.REF
					WHERE a.FaxAuth = ''Yes'''  
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '  AND b.Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and b.Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '  AND  b.Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
					SET @SQL = @SQL+ ' AND  b.Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       
			
		IF @Date1  <> '' AND @Date2  <> ''
			SET @SQL =@SQL+ '  AND Date >= ' + ''''+ CAST(@Date1  AS VARCHAR(20))  + '''' + ' and Date <= ' + ''''+ CAST(@Date2  AS VARCHAR(20)) +''''               
		ELSE IF  @Date1  <> ''
				SET @SQL = @SQL+ '  AND  Date >= '+ '''' + CAST(@Date1  AS VARCHAR(20))  +''''       
			Else IF @Date2  <> ''
					SET @SQL = @SQL+ ' AND  Date <= '+'''' + CAST(@Date2  AS VARCHAR(20))+''''       

		SET @SQL = @SQL + ' GROUP BY b.[Date], cast(b.Ref as int) as Ref,b.Auth,b.FaxAuth,b.Attachments,b.FaxNo,b.Attn,b.FaxLetterMemo,b.[To],b.[Regarding],b.[SentBy],b.Correspondence_UID'
	END

Open in new window

1
 

Author Comment

by:RIAS
ID: 41878345
Thanks Vitor,All done! Worked perfectly.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question