New SQL question also urgent

  Vikram A Punathambekar wrote:

    1. Don't mark your questions as urgent - do you think anybody cares?
    2. The snippet you posted will not even compile.
    3. If you want to test it, set a breakpoint, see what your query comes out like, and try executing it from Query analyzer.
    4. Use stored procs or at least parameterized queries - you are exposing yourself to SQL injection attacks.

    Cheers, Vıkram.


    Be yourself, no matter what they say. - Sting, Englishman in New York.

    falles01 wrote (#3):

    Sorry, that doesn't really help me. I have got two hours to finish this project and my managers don't care about injection attacks because they are purely testing me on the ability to search with sql queries. This is not being used. Why is everyone so rude on this forum? If no one cares, why are you all even on the forum? They should have people on who do care.


      Martin 0 wrote (#4):

      falles01 wrote:

      Why is everyone so rude on this forum?

      :wtf:

      falles01 wrote:

      If no one cares, why are you all even on the forum?

      If somebody is rude, then it's you!

      falles01 wrote:

      They should have people on who do care.

      Who do you mean? Do you think somebody gets paid to answer questions here? The answer is no! It's all volunteer, and you should be thankful for every answer you get! I voted '1' for your rudeness!

      All the best, Martin


        falles01 wrote (#5):

        I apologise. I didn't realise it was voluntary, and I didn't mean you because I thought you had been quite good. I just have had a few responses to my questions, like one I just received saying 'do you think anyone cares that you have a deadline' and a few days ago one saying 'you shouldn't be writing code that anyone can expect to pay for.' Now if they aren't rude I don't know what is. :|


          Vasudevan Deepak Kumar wrote (#6):

          falles01 wrote:

          I didn't realise it was voluntary

          Had it been a paid effort, could you ever dream of walking into the forum and posting your troll? :mad: You should first read this before posting questions on public discussion boards: http://www.codeproject.com/scrapbook/ForumGuidelines.asp

          Vasudevan Deepak Kumar Personal Homepage Tech Gossips

            falles01 wrote:

            I also need to write a select sql statement which searches through a number of tables. As a start I have this, which doesn't work.

            string sql = "select employees.Firstname from employees where employees.Firstname = '" + empNamecomboBox.SelectedValue.ToString() + "'"; where RoleID = '" + rolecomboBox.SelectedValue.ToString() + "'";

            I've got a winform with 5 fields, either comboboxes or checkedlistboxes. I want to find all employees where a role or/and manager and/or division is selected. In other words I want to find all employees who are a developer with certain skills. At the moment I can only get them working one at a time but the search doesn't display employees, it just displays the data on the role itself, or the division itself, if that makes sense?

            Christian Graus wrote (#7):

            Gosh - didn't they even give you a book on SQL? Have you not had time to read about SQL using Google or something? I suggested a few days ago that any SQL you write, you should test directly against your database to get the best possible error info. In this case, your SQL is plain wrong. To combine two conditions, use 'and', and to combine two tables, use joins. Something like (this won't work):

            select e.firstname from employees e inner join roles r on e.roleId = r.RoleId where e.FirstName = 'fred' and r.roleId = 4

            Not sure if you have a role table, what you need it for, if you're not looking anything up in it. I mean, if you cannot join the two tables, then you can't use them together, and odds are that it's a lookup table for role names, so you can then expect the role id to be in both tables, and you can look it up in the employee table.

            Christian Graus - Microsoft MVP - C++ "I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )


              Christian Graus wrote (#8):

              OK - given that your sample SQL returns what is passed in, I assume this is a dummy example. If you want us to help you, you need to tell us the schema of the two tables, and what you hope to pull out of there.

              Christian Graus - Microsoft MVP - C++ "I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )


                Colin Angus Mackay wrote (#9):

                falles01 wrote:

                Sorry that doesn't really help me. I have got two hours to finish this project and my managers don't care about injection attacks because they are purely testing me on the ability to search with sql queries.

                Sounds like the interview tests my company uses. And, I would be concerned about SQL Injection Attacks.


                -- Always write code as if the maintenance programmer were an axe murderer who knows where you live. Upcoming FREE developer events: * Glasgow: Agile in the Enterprise Vs. ISVs, Mock Objects, SQL Server CLR Integration, Reporting Services, db4o ... * Reading: SQL Bits My website


                  Vikram A Punathambekar wrote (#10):

                  falles01 wrote:

                  like one I just received saying 'do you think anyone cares that you have a deadline'

                  Obviously. When you say 'Urgent!' it implies we should drop whatever we're doing (mostly, it's work I'm being paid for) and solve your problem (for which I'm not). This is rude. You may not agree with me now, but be an active member for a year or so and you will agree. Don't take it so personally. :)

                  Cheers, Vıkram.


                  Be yourself, no matter what they say. - Sting, Englishman in New York.


                    Dave Kreskowiak wrote (#11):

                    falles01 wrote:

                    because they are purely testing me on the ability to search with sql queries

                    Obviously, they're testing you, not us. What's the point of giving your managers our answers?? Sure, "we" might pass this test for you, but "you'll" fail in the real world when you can't apply the concepts yourself.

                    A guide to posting questions on CodeProject
                    Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic 2006, 2007


                      falles01 wrote (#12):

                      Thank you. I know it sounds like I'm really dumb, but I have researched the Internet and yes I find many sql sites, but I'm not finding an example that exactly matches my situation. I want to basically get all rows from employees table and one row from role table where the user has made a selection in the employee combobox and/or role combobox. So they might choose Siann Falleti and Business Analyst, the search should return only Siann Falleti's who are also BA's. I advised them I need more time but they said no, it should only take you half a day. Maybe my brain is just not adequate for this type of thinking, that's why I'm slow. :((


                        falles01 wrote (#13):

                        Okay, I have tried the inner join like this but it keeps returning an error that all the rows don't exist in the current context.

                        string sql = "select employees.Firstname,employees.Lastname,employees.Role, employees.Division,employees.Manager,employees.TechnicalSkills,employees.Applications,Role.Description from employees inner join Role on employees.RoleID = Role.RoleID where employees.employeeID = '" + empNamecomboBox.SelectedValue.ToString() + "' and RoleID = '" + rolecomboBox.SelectedValue.ToString() + "'";

                        :confused:
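
The parameterized-query advice given earlier in the thread, applied to the employee/role search from the posts above. This is an added example, not code from any poster; it assumes SQL Server through System.Data.SqlClient, an int RoleID column, an nvarchar(50) Firstname column, and the table and column names that appear in the posted queries.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient; // part of .NET Framework; a NuGet package on newer .NET

static class EmployeeSearch
{
    // Join and columns follow the queries posted in the thread (subset of columns).
    const string BaseSql =
        "select e.Firstname, e.Lastname, e.Division, e.Manager, r.Description " +
        "from employees e inner join [Role] r on e.RoleID = r.RoleID";

    // Builds the search command. A null/empty argument means "nothing selected"
    // for that filter, so the filters can be combined in any way.
    // Only fixed SQL fragments are concatenated; user values travel as parameters.
    public static SqlCommand Build(string firstName, int? roleId)
    {
        var cmd = new SqlCommand();
        var conditions = new List<string>();

        if (!string.IsNullOrEmpty(firstName))
        {
            conditions.Add("e.Firstname = @firstName");
            // Assumed column type: nvarchar(50).
            cmd.Parameters.Add("@firstName", SqlDbType.NVarChar, 50).Value = firstName;
        }
        if (roleId.HasValue)
        {
            // Qualified with the alias because both joined tables have a RoleID column.
            conditions.Add("e.RoleID = @roleId");
            // Assumed column type: int.
            cmd.Parameters.Add("@roleId", SqlDbType.Int).Value = roleId.Value;
        }

        cmd.CommandText = conditions.Count == 0
            ? BaseSql
            : BaseSql + " where " + string.Join(" and ", conditions);
        return cmd;
    }

    // Prints the SQL text and the parameter values separately, which is
    // how they are sent to the server.
    static void Show(SqlCommand cmd)
    {
        using (cmd)
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  {0} = {1}", p.ParameterName, p.Value);
        }
    }

    static void Main()
    {
        // Constructed sample inputs standing in for the combo box selections.
        Show(Build("fred", 4));              // both filters
        Show(Build(null, 4));                // role only
        Show(Build("fred' or '1'='1", null)); // quote characters stay inside the value
    }
}
```

To execute a command built this way, assign an open SqlConnection to `cmd.Connection` and call `ExecuteReader()`. In the third call the SQL text is identical to any other name search; the quotes in the input are compared against Firstname as data and never become part of the statement.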


                          Paul Conrad wrote (#14):

                          falles01 wrote:

                          why are you all even on the forum. they should have people on who do care

                          We are here to help when we can. We are not paid to be on these forums.

                          falles01 wrote:

                          I have got two hours to finish this project and my managers don't care about injection attacks

                          That is not anyone's problem around here. Maybe you need a new manager.

                          "Try asking what you want to know, rather than asking a question whose answer you know." - Christian Graus


                            Paul Conrad wrote (#15):

                            Colin Angus Mackay wrote:

                            I would be concerned about SQL Injection Attacks

                            I already mentioned so in a more recent post :->

                            "Try asking what you want to know, rather than asking a question whose answer you know." - Christian Graus


                              falles01 wrote (#16):

                              I am not sure why you are replying to my post from almost a month ago. That's all in the past now. That was a very old question. People had already told me off.


                                Colin Angus Mackay wrote (#17):

                                The OP said it wasn't important because it was a test. I was referring in the context of the interview tests my company uses. I would be concerned that a person did not account for SQL Injection attacks when they go through that test.


                                Upcoming FREE developer events: * Glasgow: db4o: An Embeddable Database Engine for Object-Oriented Environments, Mock Objects, SQL Server CLR Integration, Reporting Services ... My website
