Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 Transact-SQL (2000)
 Sql Query Help !

Author  Topic 

harry
Starting Member

3 Posts
Posted - 2004-07-26 : 03:51:36
Is this the right query ?
--------------------------------

SELECT DISTINCT LOTTERY,RATE,QNTY,AMOUNT,ORG FROM LOTTERY,TRANS_SUM,ORG WHERE LOTTERY.LOTTID=<%=lottid%> AND TRANS_SUM.STOCKISTID=3 AND TRANS_SUM.ORGID=<%=orgid%> AND ORG.ORGID=<%=orgid%>

--------------------------------

I am new to SQL Server/Sql query.

Please guide me in this way.

Harry
India

harry

spirit1
Cybernetic Yak Master

11752 Posts
Posted - 2004-07-26 : 04:12:07
well if you're writing it in a stored procedure it's not ok.
because of <%=lottid%> syntax and thik you're writing it directly in asp. so im guessing it's ok.
there could be type diferrences but that is for you to know and us to guess. :)
if any of the fields in Where clause are varchar you need to enclose them in single qotes:
i.e. : LOTTERY.LOTTID='<%=lottid%>'


Go with the flow & have fun! Else fight the flow :)
Go to Top of Page

Kristen
Test

22859 Posts
Posted - 2004-07-26 : 04:27:40
You should use a wrapper function for any string parameter you pass to SQL Server so that any embeded quotes are taken care of. Also beware of SQL Injection.

So, assuming ALL your parameters are strings, sometihng like:

Function fnFixQuotes(value)
	If IsNull(value) Then
		fnFixQuotes = "NULL"
	Else
		fnFixQuotes = "'" & Replace(value, "'", "''") & "'"
	End If
End Function

SELECT DISTINCT LOTTERY,RATE,QNTY,AMOUNT,ORG FROM LOTTERY,TRANS_SUM,ORG 
WHERE LOTTERY.LOTTID=<%=fnFixQuotes(lottid)%> AND TRANS_SUM.STOCKISTID=3 
AND TRANS_SUM.ORGID=<%=fnFixQuotes(orgid)%> AND ORG.ORGID=<%=fnFixQuotes(orgid)%>

Kristen
Go to Top of Page

harry
Starting Member

3 Posts
Posted - 2004-07-26 : 05:05:23
Thanks guys.

Now problem is solved.

Harry
India

harry
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site