|
Perhaps
(SELECT CONCAT(BFirstName, ' ', BLastName) FROM CARDINFOPERM WHERE CardID = 1121) AS BAttention
This works, not sure if it's safe
(SELECT CONCAT(BFirstName, ' ', BLastName)) AS BAttention
modified 2-Jun-15 16:21pm.
|
|
|
|
|
Since it's the same table you can just write it like this:
SELECT
Label
, CONCAT(BFirstName, ' ', BLastName) AS BAttention
, BCity
FROM CardInfoPerm
WHERE CardID = 1121
jkirkerx wrote: not sure if it's safe If you're thinking about null-values:
Quote: Null values are implicitly converted to an empty string. If all the arguments are null, an empty string of type varchar(1) is returned. (From https://msdn.microsoft.com/en-us/library/hh231515.aspx[^])
So you might want to surround the CONCAT(..) with a TRIM(..).
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
Cool
Thanks for the quick help Sascha!
|
|
|
|
|
You're welcome!
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
I know I should use a stored procedure to do this but ths is not possible. In the code below return values from the "select" statements are being assigned to code variable values being concatenated with the actual Select statement. I am not talking about the code in the Where clause but the code in the "Select" portion. See the string as below:
query.Append(" SELECT e581_key, 'e581', 'rnlt', rnlt, '" + _rnlt + "' , 'SaveEditRNLT', '" + _logUserName + "', getdate() ");
query.Append(" FROM e581 "); <pre>
The select statement is then assigned to the DbCommand.CommandText of the command.ExecuteNonQuery.
How do I move the actual code variables being concatenated to some type of command parameter?
modified 2-Jun-15 15:29pm.
|
|
|
|
|
You need to pass the variables as parameters, in exactly the same way as you would for the WHERE clause:
using (var command = new SqlCommand("", connection))
{
var query = new StringBuilder();
...
query.Append(" SELECT e581_key, 'e581', 'rnlt', rnlt, @rnlt, 'SaveEditRNLT', @logUserName, getdate() ");
query.Append(" FROM e581 ");
command.Parameters.AddWithValue("@rnlt", _rnlt);
command.Parameters.AddWithValue("@logUserName", _logUserName);
...
command.CommandText = query.ToString();
...
}
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I don't understand what you mean. for instance take the code below:
query.Append("SELECT e581_key, 'e581', 'pickup_date', pickup_date , '" + _dateMaterialRequired + "' , 'SaveEditPickup', '" + _logUserName + "', getdate() ");
<pre>
Now _dateMaterialRequired and _timeMaterialRequired are variables, properties, that belong to the to the class that called the hard coded SQL statement. When the SQL is called how are the select statement return values assigned to the variables, properties, that are in the calling code?
|
|
|
|
|
What?
The code you've shown passes the value of the variables from C# to SQL - using string concatenation, so it's vulnerable to SQL Injection. Those values are returned as part of the result-set of the query.
Nothing in the code you've shown will update the value of the C# variables.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
In the select statement I did not include the "Where" clause by mistake. But these values are being filled in by the Where clause. Sorry.
|
|
|
|
|
No, that still doesn't make any sense.
holdorf wrote: how are the select statement return values assigned to the variables, properties, that are in the calling code?
holdorf wrote: But these values are being filled in by the Where clause.
Executing a SQL query will never automatically update the value of a C# variable.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I guess I am not making myself clear. This is working SQL code that update the C# variables from the query after it is called. What my job is to remove all of the SQL inject errors that exist from this working code.
|
|
|
|
|
No, what you have posted is working-but-vulnerable code which executes a query that includes the values of some C# variables in the results.
At no point does the code you've posted update the value of any C# variables.
Either you've forgotten to post that part of the code, or the code isn't doing what you think it's doing.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I had a datbase with MDF file size 7GB but LDF file size is now 202GB. its big issue with my server. whats the best solution?
i tried to shrink but nothing happend. i took backup of logs but issue is still persist.
|
|
|
|
|
What the recovery mode of your DB?
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
|
How have you done the log backup?
(Remember that even full database backup will not truncate log if you are using full recovery mode...Only direct log backup will work here)
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Dear I take full back of DB after that i take only logs backup then try to shrink the log file but failed to reduce the LDF size.
|
|
|
|
|
Can you share the commands you run?
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
I do with MS management studio.
|
|
|
|
|
OK. Explain how! (when you are using the Management Studio you have a 'Script' button at the top of the backup window. Pressing that button will give you the script Management Studio will run - copy that here!)
(I ask you this because these kind of things are working so probably you miss something and I try to figure out what)
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Please see the generated script
USE [TEST_APP]
GO
DBCC SHRINKFILE (N'TEST_APP_Log' , 0, TRUNCATEONLY)
GO
I just want to truncate the logs.
|
|
|
|
|
TRUNCATE_ONLY option does not reorganize the file but try to free the empty block at the end of the log file...It is possible that without page-reorganization there is no actual space to free...
Instead of TRUNCATE_ONLY use tager_size...
DBCC SHRINKFILE('your-log-file', 200)
It will take much more time as SQL will try to reorganize pages inside the log file and drop them if marked properly by the backup process...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
I just need some help to configure the DB as when i take bake up of LDF then DB must truncate the logs and LDF again in 2mb size. is it possible ?
i am doing the same exercise on another DB but on this i am failed.
|
|
|
|
|
Not with your model...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Can i change the model ? how ?
|
|
|
|