Compare value obtained from textbox in asp(vb) using SQL Server database - vbscript

I am using asp(vb)
In SQL Server database I made a table cars which has two columns:
productid int
name varchar(50)
Now I am collecting the value of name attribute from user through a text field:
Enter car name
<input type="text" name="name" value="" />
and storing it in a variable:
name = Request.Form("name")
But when I run this query, it gives error:
query = "SELECT * FROM cars where name = " & name
Unable to figure out why?

Because name is defined as a VARCHAR string datatype, this would mean you need to quote the value of name in your SQL query, ie
query = "SELECT * FROM cars WHERE name = '" & name & "'"
or better still, use a parameterised query via a ADODB.Command object if you're using ADODB

I think u first run a query for INSERT the data

Using MSSql Server? Try:
query = "SELECT * FROM cars where [name] = " & name
Note the [] around the name column.

Related

Is it possible to generate where condtions SQL query through Jdbc template:

example:
If i pass value for 1 parameter (only name) : search by name
"select * from address where name = ?";
If i pass value for 2 parameter (name and gender) - search by name and gender:
"select * from address where name = ? and gender = ?";
I have mupliple search fields. 5 fields. If user enters any combination. i have search only based on parameter. How to dynamically pass the parameters to the sql. Need snippet/Example how to achieve this.

How to add a parameter to a SQL query?

I would like to add a dynamic parameter in addition to parameters from Maximo inside SQL query.
Something like that :
select *
from workorder a
where params["where"] or a.parent = :Param
with params["where"] with wonum='1234' and :Param = '1234'
Is it possible with Birt to get wonum value and put it also to :Param ?
Or maybe another way ?
Thanks
open is like that (query is more complicated so I simplify it):
maximoDataSet = MXReportDataSetProvider.create(this.getDataSource().getName(), this.getName());
maximoDataSet.open();
var sqlText = new String();
sqlText = "select column1, column2 as woParent, etc... from workorder where " + params["where"] + " or woParent=:param";
maximoDataSet.setQuery(sqlText);
beforeopen is like that(just to see the query) :
importPackage( Packages.java.io );
out = new PrintWriter( new FileWriter( "c:/birteaump.log", true ) );
out.println( "\nMy Query: " + this.queryText);
out.close();
I had some code to manipulate :param to replace it with wonum but this.queryText is null.
I'm a newbie to birt report maybe I have to think differently to solve my problem.
Thanks
I used Birt 3.7.1. I saw in a video that we can add a query in a dataset's dialog box. But with my report I only have "scripted data set" when I use the "new data set" button.
Is it possible that my query is null in "beforeopen" is in relation with that ?
If I create another sort of datasource, I will have acces to another sort of dataset ?
thanks
ok I solved my problem.
I created a JDBC data source and I have access to a new sort of data set.
I can put my query in this data set and I have access to "beforeopen" and my query is not null.
Thanks

VBA function to get windows user name [duplicate]

I would like to know if there is a way to get system username and use it directly in an MS Access query. I have made a parameter work within a query from a combo box on a form and I have also acquired system name in Access VBA using ENVIRON ("USERNAME").
Kindly let me know if this is possible.
You need to create a VBA function that returns the username, and then use the function in the query.
Public Function GetUserName() As String
' GetUserName = Environ("USERNAME")
' Better method, see comment by HansUp
GetUserName = CreateObject("WScript.Network").UserName
End Function
and
SELECT foo FROM bar WHERE myUserName = GetUserName();
My solution kept all the work in VB.
I used a variable for the windows login username and then created a SQL string with that variable inserted. Lastly, I updated the query behind the form to use this new SQL string.
The CHR(34) puts quotes around the name as it is now a string inside the SQLSTR and needs to be within a set of quotes.
If you have a complex SQL statement, write it in the QBE using a string for the name and all the other variables, then switch to the SQL view and replace it using a VBA variable as shown below.
MyName = Environ("username")
sqlstr = "SELECT * From Projects WHERE ( ((Projects.LeadEngineer)=" & Chr(34) & MyName & Chr(34) & " AND ActiveYN = True ));"
Forms![Main Form].RecordSource = sqlstr
You can use SYSTEM_USER if the query is being executed in a SQL Server, that will retrieve the user name connected to the database (for that, make sure you are not using fixed user name in your connection string)
Yes - you can use the 'CurrentUser' function in your query. Here I've included it as a field and criteria.
SELECT Field1, Field2, [CurrentUser] AS UserName FROM Table1 WHERE Field1 = [CurrentUser];

Using variables instead of objects

I used this line
.RecordSource = "select * from tblpersonal where empid like '" & Me.lblIDNumber.Caption & "*'"
...my question is, what if I use a variable (varIDNumber) instead of object (lblIDNumber), what would be the syntax? I am using VB6.0
You didn't mention txtIDNumber in the code -- you mentioned lblIDNumber. I assume you mean for those two to be the same. In other words, the code you have at present should be something like this:
.RecordSource = "select * from tblpersonal where empid like '" & Me.txtIDNumber.Text & "*'"
So you are using the value of a text box in a form to populate the SQL query. Am I right so far?
And you are asking, what if I store the ID number in a variable rather than a text field? I agree, this is probably a step in the right direction.
So you might create a variable in the "General Declarations" section of the form using:
Dim idNumber As Integer
With the idea being to update the value of that variable each time the text field changes. Note: I am assuming that the "ID number" is an integer -- if not, you should use a String instead.
Now you need to update that variable when the text field changes. In the txtIDNumber_Change event, you will want to add code to convert the string txtIDNumber.Text into an Integer, and store it in idNumber. I forget the exact syntax, but I am guessing something like:
idNumber = Int(txtIDNumber.Text)
Finally, you can now use the idNumber variable in the SQL query rather than the text box:
.RecordSource = "select * from tblpersonal where empid like '" & idNumber & "*'"
Replace Me.lblIDNumber.Caption with varIDNumber
If you have a constant in the label and would prefer for the constant to be stored in a variable instead, create a Const in the form's code. Let's say the label has the text "43" in it.
In the general declarations section of the form, add the code:
Const idNumber As Integer = 43
Then, when constructing the query:
.RecordSource = "select * from tblpersonal where empid like '" & idNumber & "*'"
This will construct the query using the constant 43. I don't really see the point of this -- if you want the employee number to be something the user can type in, see my other answer.

Please Correct my SQL Syntax

I know that there's something wrong with my syntax... "select * from tblpayroll where empid = userid"
UserID is a variable...
apparently, it's your vb variable.
select * from tblpayroll where empid = '" & userid & "' "
use it this way, and it'll work
The text "select * from tblpayroll where empid = userid" will be sent through exactly as is to the SQL back end, the userid part will not be substituted. So, unless you have a userid column, you'll probably get an error. Even if you do have a userid column, the results won't be what you expect.
What you need to do depends on whether userid is a numeric or string value. For numerics, you can use:
"select * from tblpayroll where empid = " & CStr(userid)
This will first turn the numeric value into a string and check it as-is.
For string values, use:
"select * from tblpayroll where empid = '" & userid & "'"
This will simply surround the string with quotes to ensure a string comparison works. You need to be aware that this is a bad idea if userid has not been sanitised somehow - it may lead to SQL injection attacks. The art of fixing that is outside the scope of this particular question but it's worth keeping in mind.
What to do if your variable is numeric but the database field is a string is another matter. You can do it with CStr and zero-padding but, since it's an unlikely scenario, I haven't documented it here.

Resources