You cannot use a variable in this manner. You would need to use dynamic code.
Mongo: Mongo only pawn... in game of life.
Hay, Thank you so much for your valuable response. I am agree with you. But i can't find a way to do the replacement of the column name dynamically with a variable. If possible please explain the same. I believe. Thank you
Try something like this - as I am on holiday I have not had a chance to test this:
ALTER PROCEDURE [dbo].[SP_SearchByUserNeed]
@ColumnName varchar(20),
@Value Varchar(100)
declare @qry nvarchar(max);
set @qry = 'Select * From Product where @ColumnName like ' + '''' + @Value + '%' + '''';
END try
BEGIN catch
print('Error in [SP_SearchByProductName]')
END catch
Hugs and kisses to the downvoter
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
modified 16-Sep-15 8:55am.
That code is vulnerable to SQL injection. To execute dynamic parameterized queries within SQL, you need to use sp_executesql[^].
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
To create dynamic T-SQL you start with a variable for the code
SET @strSQL = N'Select * From Product where ' + @ColumnName + ' like @Value+''%'';';
EXECUTE sp_executesql @strSQL, @Value
Hope this helps
Mongo: Mongo only pawn... in game of life.
Almost! You're missing the parameter definition from sql_executesql . I'd also be inclined to validate the column name before concatenating it.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
It's early here.
Mongo: Mongo only pawn... in game of life.
This should work:
@ColumnName varchar(20),
@Value varchar(100)
DECLARE @RealColumnName sysname;
DECLARE @Statement nvarchar(max);
@RealColumnName = name
object_id = OBJECT_ID('Product')
name = @ColumnName
If @RealColumnName Is Null
RAISERROR('Unknown column: "%s"', 16, 1, @ColumnName);
SET @Statement = N'SELECT * FROM Product WHERE ' + QuoteName(@RealColumnName) + N' Like @Value + ''%''';
EXEC sp_executesql @Statement, N'@Value varchar(100)', @Value;
This will validate that the column name passed in is a valid column in the Product table, and avoid SQL Injection[^] in the dynamic query.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
I want to get all the proc names that were created or modified by a specific user or from a specific computer in the database.
Thank you
I would guess you are using Sql Server. AFAIK, there is no way to do so. The sys.procedures table does not show any field that matches what you request.
There is, see post below;
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
modified 15-Sep-15 14:09pm.
Closest I can think of is to list the SPs by "owner" ...don't think it's what you're after though. E.g.
exec sp_stored_procedures @sp_owner = 'dbo'
Or you could try using a log reader
FROM sys.fn_dblog(NULL,NULL) ..but only if there's a decent log, and if they did not log in using the sa-account.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
SQL does not! stores information about the person (user) modified any of its object, the only information stored is the last date it modified...
You may look into the trc files of the default trace (you may need to enable it), but it is good for a short time as it being overwritten periodically...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
Dear all.
Manufacture Model No Length Width height
Manufacture 1 MD-01 200 300 100
Manufacture 1 MD-02 300 400 100
Manufacture 1 MD-03 400 300 150
Manufacture 2 MAD-01 200 450 100
Manufacture 2 MAD-02 250 400 100
Manufacture 3 MDI-01 300 300 100
Manufacture 4 MOv-01 350 300 100
I would like to create 2 combobox -
1) Manufacture 2 ) model No
Manufacture should display for above example Manufacture 1,Manufacture 2,Manufacture 3, Manufacture 4
when particular manufacture selected for example Manufacture 2 -> combox should display only MAD-01 & MAD 02.
Based on both selection text box must me loaded with length, width , height.
i tried sample code & try to assign the combox with database value. I found duplicate list of column. Like for combobox1 accumulate
Manufacture 1
Manufacture 1
Manufacture 1
Manufacture 2
Manufacture 2
Manufacture 3
Manufacture 4
Is there any example program available to do this. How can do this. can some one give example program for this
Also in the VB-forum; please don't crosspost.
Instead of removing the duplicates, I'd recommend to have a DISTINCT list of the names to load in the combo. Google for "SELECT DISTINCT" to get examples.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
was reading an article about memSQL ... seems to be good and new thing.. but wonder does it make any difference with other documented databases?
Didn't know the specific brand; TimesTen (from Oracle) works as advertised, I assume this one does the same.
Not very useful for documents - it is useful for high traffic data.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
memSQL is still a RDBM, but uses memory as storage, while document-base is noSQL...so not much to compare...
If you are interesting in hi-performance (real-time) data processing, you may check SQL's in-memory-tables...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
Yes, its an ACID-compliant RDBMS.
Schatak wrote: seems to be good and new thing
Pretty sure when new things stop showing up in computing then people won't be doing computing any more.
So new doesn't mean much. The real question does it serve a real need significantly better than some older technology. Must be significant otherwise the learning time and the problems due to learning will not be an effective trade off.
And the vast majority of the time for any really "new" idiom the answer is no.
So based on that one shouldn't look for new technologies but rather look for solutions to real problems.
For example a real problem might be that an existing file based database using expertly created caching and expertly created database design fails to meet real performance needs.
This would be versus situations like the following
- My 'database' is slow, when no actual profiling has been done at all. (I don't even know what profiling is much less creating a simulation of actual production traffic.)
- My database is slow but I don't have any idea how databases work.
- I don't like SQL and consequently all my SQL ends up being written like it didn't exist.
- I don't even know what caching strategies are
- I read about this cool tool and I want to base the entire future of a company for the next 10 years on it just so I can play with it.
- As a developer I need to restore the database 20 times a day and it just takes too long so the database should be replaced even though there is no problem with performance in production.
I have a local db with a number of tables. One is a table with filenames. This method is supposed to remove the file from the database table HiddenFile with the id sent to the method.
I have been trying to solve this for a long time without success.
The code is:
public bool DeleteFile(Int32 identity)
string connString = "Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=C:\\Code\\FileDB.mdf;Integrated Security=True;Connect Timeout=30";
SqlConnection dbConn = new SqlConnection(connString);
using (SqlCommand com = new SqlCommand("DELETE FROM HiddenFile WHERE Id = @Identity)", dbConn))
com.Parameters.AddWithValue("@Identity", identity);
return true;
When I run it, there is an error: "Incorrect syntax near ')'".
Can anybody see what the problem is?
modified 6-Sep-15 8:18am.
"DELETE FROM HiddenFile WHERE Id = @Identity)" <- you have here an unnecessary closing parenthesis...remove it...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
I am using netbeans5.5 so how to connect with server to netbeans
Netbeans is an IDE not a programming language. Please explain in proper detail, what you are trying to do, and what problem(s) you are having.
I am going to start a big construction project with MVC. I am confused about Db choice.
Although worked with SQL server from past 5 years. but now thinking to use MongoDB.
Is it a good move?