PARSE SQL STATEMENT (Changing Where part)

Dear All,

I wonder if there is a way to change the Where statement of a Sql statement withouth writing a custom code?
For instance I need to change the "select * from employees where serial>100 order by serial" to
"select * from employees where EmploymentDate is not null order by serial"
Thanks a lot
Aref K.
0
arefkarimi
1/29/2005 6:46:22 AM
asp.net.getting-started 91979 articles. 4 followers. Follow

1 Replies
589 Views

Similar Articles

[PageSpeed] 35


Hi,
Have that portion of "where ...." in a variable and then you can concatenate it to the query string.
Like as follows:-

Dim strWhrCon as string
// then you can assign the where condition to this variable.
strsql = "select * from employees where " & strWhrCon & " order by serial"

But, this is a dangerous method and if you expose the sql statement in your code, then the user can do an injection. In general, using stored procedures is safe and secured.
Thanks.

regards,
Harish

http://geekswithblogs.net/ranganh
0
ranganh
1/29/2005 12:58:04 PM
Reply:

Similar Artilces:

sql statement line change in vb.net
this might be a simple question: there is a long sql statement and I would like to break it into several lines, I forgot how to do that. I remember use underline to join them together but not sure exactly how.  Any help is appreciated!example: SELECT thisCoulumn, thatcolumnFROMthistableWHEREthisColumn=1   Sue's edream - www.edream.org It should be something like this: Dim mSqlStatement As String = "SELECT thisCoulumn, thatcolumn " _   & "FROM " _   & "thistable " _   & "WHERE " _   &...

Getting table records count with SQL statement VB.net
I have a table named USERS with a column named USERNAME. I am trying to get the count and cannot seem to get any results back. Code I've tried. cmd2.CommandText = "SELECT USERNAME AS RETURNCOUNT FROM USERS" rs = cmd2.ExecuteReader intCount = rs("RETURNCOUNT") ************Did not return any*************  ******************************************************************************************************************************* cmd2.CommandText = "SELECT COUNT(0) AS RETURNCOUNT FROM USERS" rs = cmd2.ExecuteReader intCount = rs("R...

How Do I Change SQL Statement of ReportView in VB.NET 2005 to drive my logic
HI  Am developing an application and wants to use MS report instead of crystal report.After designing the report it will add dataadatpter and dataset and refuses me to add my SQL statement which will drive my logic. Have anybody use that, how can I do that?   Hi, I guess you want to add some filter in report file itself, here is the link you can start with RDLC Reports. http://www.gotreportviewer.com/ Let me know if you need any other clarification?    Regards,SasiPlease remember to click "Mark as Answer" on this post if it helped you. I...

Free .Net and Sql Server Training Videos for Developers just getting started
I figured since this is the Getting started forum I would mention a great .Net training video site with some free videos.http://www.TechnicalVideos.netThanksMike James...

RE: SQL::Statement cannot parse valid Postgresql statement
> From: Terrence Brannon [mailto:metaperl@mac.com] > > On Monday, December 10, 2001, at 09:16 AM, Jeff Zucker wrote: > > > Terrence Brannon wrote: > >> > >> The following SQL is not parseable by SQL::Statement: > >> > >> INSERT > >> INTO thot_log (thot_fk,thot_type_fk,thot_temporality_fk,date) > >> VALUES (?,?,?,CURRENT_TIMESTAMP) > > What I have is a program which reads a SQL statement from a file. > It parses it with SQL::Statement, then it prepares this > statement, then does an ...

Is it possible to modify the SQL statement before the ODBC driver get the statement ?
Hi all, Is it possible to modify the SQL statement before the ODBC driver get the SQL statement ? I need to modify some of my SQL statement to support multiple database. e.g. to solve the reserved word problem in Oracle or auto uppercase problem on unquoted column name in DB2. I need a solution for all my datawindow, datastore, embeded SQL, dynamic SQL statement. Thanks. Regards, Larry Chiu Sure, use getSqlSelect to get it and setSqlSelect to set it. Of course in the case of the Dynamic Datawindow you are going to have to do a syntaxFromSql and then a create using that s...

Sorting Gridview by changing SQL statement
Hi, I need to sort the datagrid by the selected heading - Sub SortCommand is called and I want an SQL ORDER BY variable:1 Sub SortCommand(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.GridViewSortEventArgs) 2 comm = New SqlCommand("SELECT Artist, Album, [My Rating], [Listened Amount], Art FROM Music ORDER BY e.SortExpression", conn) 3 4 open_connection() 5 End Sub   Try this: Sub SortCommand(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.GridViewSortEventArgs)2        &n...

Parsing SQL Statements
Has anyone run across any code or utilities for getting information from complex SQL statements? I want to be able to collect the table names and column names from SQL statements with complex sub-queries. Any help or pointers would be appreciated. joe white joe@lemma.net Joe -- Check out n_cst_sql in the PFC. It has a function that will break up a sql command into individual components (select,from,where,order,...) and another that will recombine the components into a single command. One caveat about this. When I used the 5.0.3 version, it had problems where nested sele...

sql statement parsing
hi guys, how can i parse the where clause in an SQL::Statement object instance? $statement = SQL::Statement->new("select 1,2,3 from table where x=y"); now when i do this: $where = $stmt->where(); it gives me error: Can't locate object method "where" via package "SQL::Statement" (perhaps you for got to load "SQL::Statement"?) at blah line 34. any idea? thanks -- Hytham Shehab At 07:34 PM 8/10/02 +0300, Hytham Shehab wrote: > how can i parse the where clause in an SQL::Statement object instance? >$statement = S...

parsing SQL statement
Anyone having suggestion parsing SQL statement? It should able to parse: BLA BALA BALA... VALUES( 'abcd efg',,999, 'some \"STRING\" and \'STR2\' STR3',,,, 'abcd, def, fghi' ) I'm using tr and then split by "," but it will fall when seeing comma inside the single quote. Thanks. --budhi On Fri, 2008-05-30 at 19:24 +0700, beast wrote: > Anyone having suggestion parsing SQL statement? > > It should able to parse: > > BLA BALA BALA... > > VALUES( > 'abcd efg',,999, 'so...

how to get start with .NET
the net help people installed  to my desktop 1-microsoft visual studio .NET enterprise developer 2003 2-microsoft .NET framework 1.1 what else do i need ...???  and how can i try with some simple code in VS.Net and run it to see wat happen...????? please help If you want to develope web applications, then you'll also need IIS on your PC.  That'll require XP-Professional or Windows 2000/2003, but XP-Home edition won't allow IIS installation. As for how to get started, you can search the web for some tutorials or buy a good book on VS.  The topic is way too vast to...

Getting Start With .net
hi i'm intersted to learn asp.net (vb or delphi) . i programming with delphi6 but i'd like to tp know something about programming in internet specially with .net . i hear about microsoft.net with delphi 7 that i can programming with delphi in .net .... is it right ? what 's our opinian about it ? and better to learn Vb.Net or continu with delphi(or delphi.net) thanks. Ali Darabian I think there is some support for Delphi in .Net. However, you will find much more support from the user community if you choose a more popular language such as VB.Net or C#. Since your al...

Get SQL Statement
Good Morning, I'm just wondering if something is possible. In my application I execute a batch script then loop through all the results with ct_result. After calling ct_result is there any way to get the SQL statement that created the resultset? Thanks, Brad ...

Get last modified date for sql objects in SQL server 2005 to track database changes.
For frequent migration to different environment we have to provide scripts for any database changes, most of the time developer forget to send few of the scripts which causes error in the other environments. I am using SQL server 2005.I was looking for any sql query which can list the create date and modify date of table, stored procedure, views etc in a database.I google and found the below query but I get the below error message:" Invalid object name 'sys.objects'."SELECT nameFROM sys.objectsWHERE type = 'P'AND DATEDIFF(D,modify_date, GETDATE()) < 7Note: I do ...

Web resources about - PARSE SQL STATEMENT (Changing Where part) - asp.net.getting-started

User:Jimbo Wales/Statement of principles - Wikipedia, the free encyclopedia
As we move forward with software and social changes, I think it is imperative that I state clearly and forcefully my views on openness and the ...

Category:Articles containing potentially dated statements from June 2006 - Wikipedia, the free encyclopedia ...
This is an administration category . It is used for administration of the Wikipedia project and is not part of the encyclopedia. It contains ...

David Bowie: Private ceremony planned as family issues statement thanking fans
LONDON, Jan 14 Reuters - David Bowie will be remembered in a private ceremony, says his family, who have thanked fans for their support after ...

Tamir Rice's Mother Comments on LeBron James Not Giving Statement on Son's Death - Bleacher Report
One week after Cleveland Cavaliers superstar LeBron James made careful comments regarding the death of Tamir Rice, the boy's mother spoke out ...

Foxborough issues statement on handling of reported Chandler Jones incident
The statement, signed by Foxborough’s town manager, did not provide any new details about the case.

Is Mark Zuckerberg’s latest post about his daughter a political statement?
... doctor. His captioned it, “ Doctor’s visit — time for vaccines! ” and the post went viral (pun possibly intended.) Seen as an official statement ...

Chipotle sued over food safety statements
Chipotle Mexican Grill was sued for allegedly misleading investors about its food safety controls.

Here Is The Full White House Statement On “New Executive Actions to Reduce Gun Violence and Make Our ...
Here Is The Full White House Statement On “New Executive Actions to Reduce Gun Violence and Make Our Communities Safer”

Wheaton College moving to fire professor after Muslim statements
Wheaton College leaders are taking steps to fire the suspended political science professor who drew fire late last year for saying Christians ...

Business on Display: Making a Statement with Digital Signage
The digital signage market is projected to be worth $22 billion by 2020. Join us for our first of four webinars powered by Samsung as we discuss ...

Resources last updated: 1/15/2016 8:25:29 PM