SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2005 Forums
 Transact-SQL (2005)
 Avoiding string concatenation
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

parrot
Posting Yak Master

USA
132 Posts

Posted - 01/05/2013 :  13:52:59  Show Profile  Reply with Quote
In a previous topic it was emphasized not to concatenate strings when building an sql transaction. However, if the building of the string requires logic tests, what is the best way to avoid concatenation. For example, below is an instruction built using C# logic.

string strSQL = "INSERT INTO Mytable (Code, inputdata) VALUES (";

if(field1.CompareTo("A") == 0) strSQL += "Field1")
else strSQL += "Field2");
strSQL += ", ?)";

string newsqlstring = strSQL;
OleDbCommand myCommand = new OleDbCommand(newsqlstring, OleDbConn1);
myCommand.Parameters.AddWithValue("@mydata", inputdata.Text);

Is this safely avoiding string concatenation or is there another way to do it with logic involved in building the string?

robvolk
Most Valuable Yak

USA
15683 Posts

Posted - 01/05/2013 :  17:20:40  Show Profile  Visit robvolk's Homepage  Reply with Quote
What are Field1 and Field2? Are they variables in your program? Are they references to other columns in the same table being inserted?
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
37316 Posts

Posted - 01/05/2013 :  17:21:04  Show Profile  Visit tkizer's Homepage  Reply with Quote
I'm not a C# programmer, so you'll need to fix this up. But here's a shot at it:

if(field1.CompareTo("A") == 0) someVar = "Field1"
else someVar = "Field2"

strSQL = "INSERT INTO Mytable (Code, inputdata) VALUES (?, ?)"

And then add a parameter for someVar.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

parrot
Posting Yak Master

USA
132 Posts

Posted - 01/05/2013 :  17:43:13  Show Profile  Reply with Quote
newfield is a literal to be inserted based on the value of a inputted variable name called field1. So I think the logic would be coded as follows in C# using oledb commands to update the database names Code and Datafield into the database as follows:

string newfield = "";
if(field1.CompareTo("A") == 0) newfield = "Active";
else if (field1.CompareTo("B") == 0) newfield = "Inactive";

string strSQL = "INSERT INTO Mytable (Code, Datafield) VALUES ("1234", ?);

OleDbCommand myCommand = new OleDbCommand(strSQL, OleDbConn1);
myCommand.Parameters.AddWithValue("@mydata", newfield);

Again I thank both of you for your reply. I think my question has been answered.
Go to Top of Page

visakh16
Very Important crosS Applying yaK Herder

India
52325 Posts

Posted - 01/06/2013 :  10:16:35  Show Profile  Reply with Quote
i think query statement should be this

string strSQL = "INSERT INTO Mytable (Code, Datafield) VALUES ('1234', ?)"

if Code is integer you can dispense with ' inside

------------------------------------------------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000