|
Do you have SQL Server Express Edition installed as well? I have both, I wonder if it's not because of the Express edition "being in the way"?
I wonder if you can do queries from SQL Server 2005 through Visual Web Developer, SQL Server Express comes with VWD, and you can do queries through VWD.
What IDE do you code in?
|
|
|
|
|
ma se wrote: Do you have SQL Server Express Edition installed as well?
Yes, but I don't recall in which order they were installed.
ma se wrote: I wonder if it's not because of the Express edition "being in the way"?
I wouldn't think so. The Express Edition is just the database engine and not much more.
ma se wrote: What IDE do you code in?
Visual Studio 2005 Professional Edition. But I still use SQL Server 2000's Query Analyzer for scripting.
ColinMackay.net
"Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
|
|
|
|
|
Hi:
SQL Exception Message in C#:
Message:
The name 'SqlCommand' is not permitted in this context. Only constants, expressions, or variables allowed here. Column names are not permitted.
CODE:
//opening Conn
sqlConnection1.Open();
//creating SQL Command
SqlCommand insert_item = new SqlCommand("INSERT INTO inventory_item(stock_no, name, type, net_location, tag, brand_name, model_no, serial_no, machine_type_p_wh, oper_sys, ram, display, sound_card, nic, monitor, acess_type, computer_full_name, warranty, status, comments, emp_no, cate_no, supp_no) VALUES ('"+te_item_stock_no.Text+"','"+te_item_name.Text+"','"+te_item_type.Text+"','"+te_item_location.Text+"','"+te_item_tag.Text+"','"+te_item_brand_name.Text+"','"+te_item_model_no.Text+"','"+te_item_serial_no.Text+"','"+te_item_pentium.Text+"','"+te_item_os.Text+"','"+te_item_ram.Text+"','"+te_item_display.Text+"','"+te_item_sound_card.Text+"','"+te_item_nic.Text+"','"+te_item_monitor.Text+"','"+te_item_access_type.Text+"','"+te_item_computer_name.Text+"','"+te_item_warraty.Text+"','"+te_item_status.Text+"','"+te_item_comments.Text+"',"+"NULL"+","+cate_no_FK+","+supp_no+");", sqlConnection1);
//executing
int rows_affected = insert_item.ExecuteNonQuery();
//closing
sqlConnection1.Close();
Message:
The name 'SqlCommand' is not permitted in this context. Only constants, expressions, or variables allowed here. Column names are not permitted.
|
|
|
|
|
Solved
cuz
in VALUES('test',...)
you only put the new value with specifying the column.
i used the sql from SQL server but ut only works there and not in C#.
Arigato Menna
|
|
|
|
|
Your real problem is SQL injection! Use parameters! You cannot put everything between quotes (for example, dates).
|
|
|
|
|
To follow up on what George L. Jackson said: You might find this article, SQL Injection Attacks and tips on how to prevent them[^], to be useful.
ColinMackay.net
"Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
|
|
|
|
|
Thanks Colin and George for your kind concern.
and I'm already validataing input via TextBox_TextChanged.
Thanks;)
|
|
|
|
|
cbhkenshin wrote: I'm already validataing input via TextBox_TextChanged.
It doesn't matter, you should use parameters as a matter of course. Your validation may have an unexpected flaw it in that you are not aware of. If you have available a tool to improve the security of your application that isn't going to take any longer to implement that they way you were doing before (and using parameters instead of injecting values has other advantages as well) then it should be used.
I occasionally have to do security audits of code. If you inject a value into a SQL string where it was possible to use a parameter I'd fail the code. Its as simple as that. It wouldn't matter that I see you validating the input (which is a very commendable thing to do, and you should continue to do that). I don't know every possible attack vector, so I use parameters as an extra safe guard in case I've forgotten about something.
ColinMackay.net
Scottish Developers are looking for speakers for user group sessions over the next few months. Do you want to know more?
|
|
|
|
|
Hi
Table1 has Warehouse, Product, Line_No, ....
Table2 has Warehouse, Product, Line_No, Circuit_Ref.
Table1 has a record for all Products
Table2 has records for some products
How do I write an MS-SQL query that will join on all 3 fields(Warehouse, Product and Line_no), and show ALL rows from Table1 and show Circuit_Ref from Table2 if it exists.
Thanks
Richard
|
|
|
|
|
Please post a more detailed description of you database structure and provide some sample data.
Q:What does the derived class in C# tell to it's parent?
A:All your base are belong to us!
|
|
|
|
|
Hi
1) Table bmassdm is a full list of products
bmassdm fields: warehouse, product_code, circuit_number
2) Table bmasscm contains circuit references for some of the items in bmassdm
bmasscm fields: warehouse, product_code, circuit_number, circuit_reference
I need to select all the rows from bmassdm, and need to get the circuit_reference from bmasscm if there is one
The statement below gets ONLY the rows from bmassdm that ALSO have a circuit_reference
strSelect = "SELECT bmassdm.warehouse + " _
& "bmassdm.product_code, " _
& "bmasscm.circuit_reference " _
& "FROM (bmassdm INNER JOIN bmasscm " _
& "ON (bmassdm.product_code = bmasscm.product_code) " _
& "AND (bmassdm.assembly_warehouse = bmasscm.assembly_warehouse) " _
& "AND (bmassdm.circuit_number = bmasscm.circuit_number) " _
|
|
|
|
|
RichardBerry wrote: Table1 has Warehouse, Product, Line_No, ....
Table2 has Warehouse, Product, Line_No, Circuit_Ref.
Hi Richard:
First of all what i've understod from your message that you have table1 and table2 which both have their Warehouse, Product, Line_No in common and thats Wrong you should normlize your database.
I'll give you a query that will give you an answer to joining.
SELECT inventory_item.stock_no, inventory_item.type, accessories.name, hard_disks.model_no
FROM inventory_item INNER JOIN accessories ON inventory_item.accs_no = accessories.accs_no INNER JOIN hard_disks ON inventory_item.item_no = hard_disks.inv_no
|
|
|
|
|
cbhkenshin wrote: you have table1 and table2 which both have their Warehouse, Product, Line_No in common and thats Wrong
I would suggest that there is insufficient information to determine whether the model is a good or bad one. Normalisation is not always the lofty goal that a lot of people think it should be. For example, in a reporting senario normalisation is a hinderance rather than a help. However, that said, most data models would benefit from better normalisation.
ColinMackay.net
"Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
|
|
|
|
|
Hi
Ok, I cannot touch the Database - Belongs to our ERP system.
I think I should be using LEFT JOIN?
I also oversimplified things a bit, because there is an third table, from which I need one field (Description) which also joins on warehouse and product.
I pulled the tables into access, and tried the query there.
bmassdm has 16042 rows
bmasscm has 15901 rows
stockm has 5891 rows (all items in bmassdm DEFINITELY exist in stockm)
Query returns 15553 rows (I need it to return the full 16042 rows form bmassdm)
Here is the full query:
SELECT bmassdm.assembly_warehouse+bmassdm.product_code AS Assembly, bmassdm.component_whouse+bmassdm.component_code AS Component, bmassdm.description AS Description, bmassdm.usage_quantity AS Qty, bmasscm.circuit_reference AS CctRef, stockm.long_description
FROM (bmassdm LEFT JOIN bmasscm ON (bmassdm.circuit_number =val( bmasscm.circuit_number)) AND (bmassdm.product_code = bmasscm.product_code) AND (bmassdm.assembly_warehouse = bmasscm.assembly_warehouse)) INNER JOIN stockm ON (bmassdm.product_code = stockm.product) AND (bmassdm.assembly_warehouse = stockm.warehouse)
WHERE (((bmasscm.line_number)='000'));
|
|
|
|
|
We have a SQL 2000 server the pulls data from a 2005 server, processes it, and pushes it back in DTS. The problem is that I think this causes timeouts on the 2005 server. Can anyone confirm that might be a problem?
E=mc2 -> BOOM
|
|
|
|
|
Hi everyone,
Need your help very badly.. where can i download a free full version of Flex cell 2.0 .net framework a third party control.... links are highly appreciated....
tnx tnx tnx tnx and more power.... :->![Rose | [Rose]](https://codeproject.freetls.fastly.net/script/Forums/Images/rose.gif)
|
|
|
|
|
See my reply here[^].
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
my sp is
create procedure insertApplcn
@txtjcode as nvarchar(20),
@txtcname as nvarchar(30),
@dtdob as smalldatetime,
@txtpaddr1 as nvarchar(30),
@txtpaddr2 as nvarchar(30),
@txtpaddr3 as nvarchar(30),
@txtppin as nvarchar(6),
@txtcourse1 as nvarchar(50),
@txtcourinst1 as nvarchar(45),
@txtcouruniv1 as nvarchar(50),
@txtcourstart1 as nvarchar(4),
@txtcourend1 as nvarchar(4),
@intmark1 as decimal(5),
@txtcourse2 as nvarchar(50),
@txtcourinst2 as nvarchar(45),
@txtcouruniv2 as nvarchar(50),
@txtcourstart2 as nvarchar(4),
@txtcourend2 as nvarchar(4),
@intmark2 as decimal(5),
@txtcourse3 as nvarchar(50),
@txtcourinst3 as nvarchar(45),
@txtcouruniv3 as nvarchar(50),
@txtcourstart3 as nvarchar(4),
@txtcourend3 as nvarchar(4),
@intmark3 as decimal(5)
as insert into applcn(txtcname,txtjcode,dtdob,txtpaddr1,txtpaddr2,
txtpaddr3,txtppin,txttaddr1,txttaddr2,txttaddr3,txttpin,
--Qualification
txtcourse1,txtcourinst1,txtcouruniv1,txtcourstart1,txtcourend1,intmark1,
If (@txtcourse2 <>'--Select One--') Then
txtcourse2,txtcourinst2,txtcouruniv2,txtcourstart2,txtcourend2,intmark2,
End If
If @txtcourse3 <> "--Select One--" Then
txtcourse3,txtcourinst3,txtcouruniv3,txtcourstart3,txtcourend3,intmark3,
End If
)
it show error incorrect syntax near 'if' condition?????
plz help.is it posiible???
All I ever wanted is what others have....
CrazySanker
-- modified at 13:39 Tuesday 14th February, 2006
|
|
|
|
|
The reason is that you can't have an IF statement in the middle of another statement, in this case the INSERT statement.
ColinMackay.net
"Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
|
|
|
|
|
iam trying to convert a char value into smalldatetime for command "select cast(14/02/2006 as smalldatetime) iam getting the value "1900-01-01 00:00:00" and for command
"select cast('14/02/2006' as smalldatetime)" iam getting error message that "The conversion of char data type to smalldatetime data type resulted in an out-of-range smalldatetime value." Please suggest me where iam going wrong and what syntax should be used
|
|
|
|
|
Might be a localization issue, maybe you should try your date as 02/14/2006? Or, try 14/02/2006 00:00:00 (you may need to put some kind of time in there).
I hope this helps,
Paul
|
|
|
|
|
As pointed out above, it sounds like a localization issue.
This should work regardless of local:
CAST('20060214' AS smalldatetime)
The format to use for the date string is 'YYYYMMDD'. I have not had localization issues when I use this format.
Scott
|
|
|
|
|
Hi all!!
With SQL Server 2000, there was a cool tool called Enterprise Manager where you could create databases, check tables, etc.
Where do I do this in SQL Server 2005.
Thanks
ma se
|
|
|
|
|
Hello Ma se,
There is a tool called Management Studio in Sql server 2005. Its the tool that every developer would use most. I mean its like a combo of Enterprise manager and Query analyzer.
Going forward with your learning. Shall i know what you are trying to do? I mean did you try getting VWD(Visula Web Developer)? If you tried getting VWD then the SQL Express(which is desktop engine kind of version of Sql server 2005) would also get installed as part of the VWD installation. Once you are done installing VWD you will only Configuration tools of Sql server 2005. You still won't get Mnagement Studio. To get the management studio express edition you have got to get it off the web seperately.
Here is the link
http://www.microsoft.com/downloads/details.aspx?familyid=82afbd59-57a4-455e-a2d6-1d4c98d40f6e&displaylang=en
and scroll the page to the bottom and you should see the
SQLServer2005_SSMSEE.msi
at the bottom of the page. This installs Management Studio. You also can get AdventureWorks and the rest of the databses. Hope this helps you understand how to get going with it. Please let me know if you need any further assistance on this.
Thanks
Learner
|
|
|
|
|
Hey..
Thanks for the reply. I've never seen any one more friendlier with help than you.
This is what I do. I'm a web developer, still new to .NET 2.0 and SQL Server 2000. I usually used classic ASP and a bit of .NET 1.1 with SQL Server 2000. So I need to find my way around SQL Server 2005.
I have VWD, and I do have SQL Server Express. I'm redoing one of our websites in .NET 2.0 with C#, and at some stage I will need to upload the database to the hosting server. I know that SQL Server 2005 and the Express edition uses the same engine, but is it possible to transfer your database created in the Express edition to the 2005 edition?
I will download that Management Studio that you suggested. I have also installed SQL Server 2005 the trial version. So you would say the Express Edition is enough?
I appreciate your reply to the previous email. O yes, one last thing. I want to learn as much as possible about SQL Server 2005, so if you have any useful articles, please send the links to brcvogt@yahoo.com.
Thanks again,
ma se
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
