Search Results

Search found 27850 results on 1114 pages for 'sql paging'.

Page 48/1114 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Prevent SQL injection from form-generated SQL - NO PreparedStmts

    - by Markos Fragkakis
    Hi all, I have a search table where user will be able to filter results with a filter of the type: Field [Name], Value [John], Remove Rule Field [Surname], Value [Blake], Remove Rule Field [Has Children], Value [Yes], Remove Rule Add Rule So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne), Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question, I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

    Read the article

  • T-SQL IsNumeric() and Linq-to-SQL

    - by cdonner
    I need to find the highest value from the database that satisfies a certain formatting convention. Specifically, I would like to fund the highest value that looks like EU999999 ('9' being any digit) select max(col) will return something like 'EUZ...' for instance that I want to exclude. The following query does the trick, but I can't produce this via Linq-to-SQL. There seems to be no translation for the isnumeric() function in SQL Server. select max(col) from table where col like 'EU%' and 1=isnumeric(replace(col, 'EU', '')) Writing a database function, stored procedure, or anything else of that nature is far down the list of my preferred solutions, because this table is central to my app and I cannot easily replace the table object with something else. What's the next-best solution?

    Read the article

  • SQL Server 2000 tables

    - by klork
    We currently have an SQL Server 2000 database with one table containing data for multiple users. The data is keyed by memberid which is an integer field. The table has a clustered index on memberid. The table is now about 200 million rows. Indexing and maintenance are becoming issues. We are debating splitting the table into one table per user model. This would imply that we would end up with a very large number of tables potentially upto the 2,147,483,647, considering just positive values. My questions: Does anyone have any experience with a SQL Server (2000/2005) installation with millions of tables? What are the implications of this architecture with regards to maintenance and access using Query Analyzer, Enterprise Manager etc. What are the implications to having such a large number of indexes in a database instance. All comments are appreciated. Thanks

    Read the article

  • sql server 2008 express one row write problem

    - by bojanskr
    Hi everyone, I have the most bizarre problem(at least it is bizarre to me) with MSSQL Server Express 2008. The problem is the following: On the development machine I use MS SQL Server 2008 Enterprise....I get some data from a WCF service and write that data to the db (simple as it can be)....I should point out however that the writing, it is done in a separate thread. BUt, anyway no problems during development...all the data is there. Then I set everything up(connection strings .\SQLEXPRESS, other settings) build in Release and copy that to a test machine that has MS SQL Server Express installed(because my application is a client application and it should work with Express)...I run the program....the program retrieves the data from the service...and when I look at the database...I'm in for a big suprise...there's only one row written(the first row received from the WCF service). I would really appreciate any help...I'm in a deadlock here. Thanks in advance. Bojan

    Read the article

  • How to find N Consecutive records in a table using SQL

    - by user320587
    Hi, I have the following Table definition with sample data. In the following table, Customer Product & Date are key fields Table One Customer Product Date SALE X A 01/01/2010 YES X A 02/01/2010 YES X A 03/01/2010 NO X A 04/01/2010 NO X A 05/01/2010 YES X A 06/01/2010 NO X A 07/01/2010 NO X A 08/01/2010 NO X A 09/01/2010 YES X A 10/01/2010 YES X A 11/01/2010 NO X A 12/01/2010 YES In the above table, I need to find the N or N consecutive records where there was no sale, Sale value was 'NO' For example, if N is 2, the the result set would return the following Customer Product Date SALE X A 03/01/2010 NO X A 04/01/2010 NO X A 06/01/2010 NO X A 07/01/2010 NO X A 08/01/2010 NO Can someone help me with a SQL query to get the desired results. I am using SQL Server 2005. I started playing using ROW_NUMBER() AND PARTITION clauses but no luck. Thanks for any help

    Read the article

  • Prevent SQL injection from form-generated SQL.

    - by Markos Fragkakis
    Hi all, I have a search table where user will be able to filter results with a filter of the type: Field [Name], Value [John], Remove Rule Field [Surname], Value [Blake], Remove Rule Field [Has Children], Value [Yes], Remove Rule Add Rule So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne), Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question, I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

    Read the article

  • SQL Server join and wildcards

    - by Ernst
    I want to get the results of a left join between two tables, with both having a column of the same name, the column on which I join. The following query is seen as valid by the import/export wizard in SQL Server, but it always gives an error. I have some more conditions, so the size wouldn't be too much. We're using SQL Server 2000 iirc and since we're using an externally developed program to interact with the database (except for some information we can't retrieve that way), we can not simply change the column name. SELECT table1.*, table2.* FROM table1 LEFT JOIN table2 ON table1.samename = table2.samename At least, I think the column name is the problem, or am I doing something else wrong?

    Read the article

  • SQL Server: export data via SQL query?

    - by rlb.usa
    I have FK and PK all over my db and table data needs to be specified in a certain order or else I get FK/PK insertion errors. I'm tired of executing the wizard again and again to transfer data one table at a time. In the SQL Server export data wizard there is an option to "Write a query to specify the data to transfer". I'd like to write the query myself and specify the correct order. Will this solve my problem? How do I do this? Can you provide a sample query (or link to one) The databases are on two different servers - SQL Server 2008 on each ; The database names & permissions are the same ; each table name & col is the same ; I need Identity Insert for each table.

    Read the article

  • Override Linq-to-Sql Datetime.ToString() Default Convert Values

    - by snmcdonald
    Is it possible to override the default CONVERT style? I would like the default CONVERT function to always return ISO8601 style 126. Steps To Reproduce: DROP TABLE DATES; CREATE TABLE DATES ( ID INT IDENTITY(1,1) PRIMARY KEY, MYDATE DATETIME DEFAULT(GETUTCDATE()) ); INSERT INTO DATES DEFAULT VALUES; INSERT INTO DATES DEFAULT VALUES; INSERT INTO DATES DEFAULT VALUES; INSERT INTO DATES DEFAULT VALUES; SELECT CONVERT(NVARCHAR,MYDATE) AS CONVERTED, CONVERT(NVARCHAR(4000),MYDATE,126) AS ISO, MYDATE FROM DATES WHERE MYDATE LIKE'Feb%' Output: CONVERTED ISO MYDATE --------------------------- ---------------------------- ----------------------- Feb 8 2011 12:17AM 2011-02-08T00:17:03.040 2011-02-08 00:17:03.040 Feb 8 2011 12:17AM 2011-02-08T00:17:03.040 2011-02-08 00:17:03.040 Feb 8 2011 12:17AM 2011-02-08T00:17:03.040 2011-02-08 00:17:03.040 Feb 8 2011 12:17AM 2011-02-08T00:17:03.040 2011-02-08 00:17:03.040 Linq-to-Sql calls CONVERT(NVARCHAR,@p) when I cast ToString(). However, I am displaying all my data in the ISO8601 format. I would like to override the database default if possible to CONVERT(NVARCHAR,@p,126). I am using Dynamic Linq-to-Sql as demoed by ScottGu to process my data. PropertyInfo piField = typeof(T).GetProperty(rule.field); if (piField != null) { Type typeField = piField.PropertyType; if (typeField.IsGenericType && typeField.GetGenericTypeDefinition().Equals(typeof(Nullable<>))) { filter = filter .Select(x => x) .Where(string.Format("{0} != null", rule.field)) .Where(string.Format("{0}.Value.ToString().Contains(\"{1}\")", rule.field, rule.data)); } else { filter = filter .Select(x => x) .Where(string.Format("{0} != null", rule.field)) .Where(string.Format("{0}.ToString().Contains(\"{1}\")", rule.field, rule.data)); } } I was hoping my property would convert the expression from CONVERT(NVARCHAR,@p) to CONVERT(NVARCHAR,@p,126), however I get a NotSupportedException: ... has no supported translation to SQL. public string IsoDate { get { if (SUBMIT_DATE.HasValue) { return SUBMIT_DATE.Value.ToString("o"); } else { return string.Empty; } } }

    Read the article

  • LINQ-to-SQL and SQL Compact - database file sharing problem

    - by Eye of Hell
    Hello. I'm learing LINQ-to-SQL right now and i have wrote a simple application that define SQL data: [Table( Name = "items" )] public class Item { [ Column( IsPrimaryKey = true, IsDbGenerated = true ) ] public int Id; [ Column ] public string Name; } I have launched 2 copy of application connected to the same .sdf file and tested if all database modifications in one application affects another application. But strange thing arise. If i use InsertOnSubmit() and DeleteOnSubmit() in one application, added/removed items are instantly visible in other application via 'select' LINQ queue. But if i try to modify 'Name' field in one application, it is NOT visible in other applicaton until it reconnects the database :(. The test code i use: var Items = from c in db.Items where Id == c.Id select c; foreach( var Item in Items ) { Item.Name = "new name"; break; } db.SubmitChanges(); Can anyone suggest what i'm doing wrong and why InsertOnSubmit()/DeleteOnSubmit works and SubmitChanges() don't?

    Read the article

  • SQL 2005 w/ C# optimal "Paging"

    - by David Murdoch
    When creating a record "grid" with custom paging what is the best/optimal way to query the total number of records as well as the records start-end using C#? SQL to return paged record set: SELECT Some, Columns, Here FROM ( SELECT ROW_NUMBER() OVER (ORDER BY Column ASC) AS RowId, * FROM Records WHERE (...) ) AS tbl WHERE ((RowId > @Offset) AND (RowId <= (@Offset + @PageSize)) ) SQL to count total number of records: SELECT COUNT(*) FROM Records WHERE (...) Right now, I make two trips to the server: one for getting the records, and the other for counting the total number of records. What is/are the best way(s) to combine these queries to avoid multiple DB trips?

    Read the article

  • Migrating from Physical SQL (SQL2000) To VMWare machine (SQL2008) - Transferring Large DB

    - by alex
    We're in the middle of migrating from a windows & SQL 2000 box to a Virtualised Win & SQL 2k8 box The VMWare box is on a different site, with better hardware, connectivity etc... The old(current) physical machine is still in constant use - I've taken a backup of the DB on this machine, which is 21GB Transfering this to our virtual machine took around 7+ hours - which isn't ideal when we do the "actual" switchover. My question is - How should I handle the migration better? Could i set up our current machine to do log shipping to the VM machine to keep up to date? then, schedule down time out of hours to do the switch over? Is there a better way?

    Read the article

  • Handling auto-incrementing IDENTITY SQL Server fields with LINQ to SQL in C#

    - by Maxim Z.
    I'm building an ASP.NET MVC site that uses LINQ to SQL to connect to SQL Server, where I have a table that has an IDENTITY bigint primary key column that represents an ID. In one of my code methods, I need to create an object of that table to get its ID, which I will place into another object based on another table (FK-to-PK relationship). At what point is the IDENTITY column value generated and how can I obtain it from my code? Is the right approach to: Create the object that has the IDENTITY column Do an InsertOnSubmit() and SubmitChanges() to submit the object to the database table Get the value of the ID property of the object

    Read the article

  • how to write sql script to achieve the following

    - by 3nigma
    hi, so i have a table lets say call it "tbl.items" and there is a column "title" in "tbl.items" i want to loop through each row and for each "title" in "tbl.items" i want to do following: the column has the datatype nvarchar(max) and contains a string... filter the string to remove words like in,out, where etc (stopwords) compare the rest of the string to a predefined list and if there is a match perform some action which involves inserting data in other tables as well.. the problem is im ignotent when it comes to writing T-sql scripts, plz help and guide me how can i achieve this? whether it can be achieved by writing a sql script?? or i have to develope a console application in c# or anyother language?? im using mssql server 2008 thanks in advance

    Read the article

  • Month to Date in SQL Server 2008

    - by Aaron Smith
    Hopefully this will be an easy one to answer. I am working on a table that requires MTD data. One of our SQL guys told me to use MONTH (@monthtodate)= 11 Where @monthtodate is set to GetDate() in the parameter list in SQL Server Management Studio. So in "theory", he says, it should select the month (11) and then get today and return all the requested data in between those two dates. But I'm thinking this isn't correct. In looking at my data I'm starting to think that It's just returning data for the whole month of November instead of just MTD. I guess, technically, anything that has 0 won't be calculated. However that just means it's poorly written code correct? In your opinions, would this be the better way to return MTD data: production_date <= @today and Production_Date >= DATEADD(mm, DATEDIFF(mm, 0, @today), 0) Thanks in advance everyone!

    Read the article

  • Store time of the day in SQL

    - by nute
    How would you store a time or time range in SQL? It won't be a datetime because it will just be let's say 4:30PM (not, January 3rd, 4:30pm). Those would be weekly, or daily meetings. The type of queries that I need are of course be for display, but also later will include complex queries such as avoiding conflicts in schedule. I'd rather pick the best datatype for that now. I'm using MS SQL Server Express 2005. Thanks! Nathan

    Read the article

  • Convert SQL to LINQ to SQL

    - by Adam
    Hi I have the SQL query with c as ( select categoryId,parentId, name,0 as [level] from task_Category b where b.parentId is null union all select b.categoryId,b.parentId,b.name,[level] + 1 from task_Category b join c on b.parentId = c.categoryId) select name,[level],categoryId,parentId as item from c and I want to convert it to LINQ to SQL, yet my LINQ skills are not there yet. Could someone please help me convert this. It's the with and union statements that are making this a bit more complex for me. Any help appreciated.

    Read the article

  • ROW_NUMBER Alt in SQL Server 2000

    - by harekam_taj
    Hey Guys, Can anyone please help me with an alt. to ROW_NUMBER in SQL Server 2000. RIGHT now my procedure looks like this in SQL Server 2008 WITH cars as(SELECT carid,mileage,retailprice,imageurl,model,year, Zips.Distance AS Miles, Manufacturers.mfgName as Make,dealers.companyname as companyname, CASE @sortby WHEN 'D' THEN ROW_NUMBER() OVER (ORDER BY Manufacturers.mfgName) WHEN 'P' THEN ROW_NUMBER() OVER (ORDER BY retailprice) WHEN 'M' THEN ROW_NUMBER() OVER (ORDER BY mileage) END as 'rownum' FROM usedcars INNER JOIN #TempZips Zips ON Zips.ZipCode =usedcars.loczip left join Manufacturers on Manufacturers.mfgid=usedcars.mfgid left join dealers on dealers.dealerid = usedcars.dealerid where usedcars.active=1 and usedcars.dealerid=@dealerid) select @totalrecords as totalrec,* from cars where rownum between @skip and @take

    Read the article

  • SELECT with a Replace()

    - by andyjohnson
    I have a table of names and addresses, which includes a postcode column. I want to strip the spaces from the postcodes and select any that match a particular pattern. I'm trying this (simplified a bit) in T-SQL on SQL Server 2005: SELECT Replace(Postcode, ' ', '') AS P FROM Contacts WHERE P LIKE 'NW101%' But I get the following error; Msg 207, Level 16, State 1, Line 3 Invalid column name 'P'. If I remove the WHERE clause I get a list of postcodes without spaces, which is what I want to search. How should I approach this? What am I doing wrong?

    Read the article

  • Very Different Execution Times of SQL Query in C# and SQL Server Management Studio

    - by Paul
    I have a simple SQL query that when run from C# takes over 30 seconds then times-out every time, whereas when run on SQL Server Management Studio successfully completes instantly. In the latter case, a query execution plan reveals nothing troubling, and the execution time is spread nicely through a few simple operations. I've run 'EXEC sp_who2' while the query is running from C#, and it is listed as taking 29,000 milliseconds of CPU time, and is not blocked by anything. I have no idea how to begin solving this. Does anyone have some insight? The query is: SELECT c.lngId, ... FROM tblCase c INNER JOIN tblCaseStatus s ON s.lngId = c.lngId INNER JOIN tblCaseStatusType t ON t.lngId = s.lngId INNER JOIN [Another Database]..tblCompany cm ON cm.lngId = cs.lngCompanyId WHERE t.lngId = 25 AND c.IsDeleted = 0 AND s.lngStatus = 1

    Read the article

  • SQL Script To Generate a Database Dictionary **With Linked Fields**

    - by Albert
    I would like to generate a Data Dictionary for a SQL Server 2008 database that has one row for each field, and the following columns: table_name field_name data_type link_table (for when the field in question is a foreign key) link_field (for when the field in question is a foreign key) I can get the first 3 columns with something like the SQL script below...but I don't know how to get the last two columns of foreign key information. INFORMATION_SCHEMA.TABLE_CONSTRAINTS gets close, but doesn't have the data I'm looking for. Can someone help with this point? SELECT TABLE_NAME,COLUMN_NAME,DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS Secondarily if anyone has any suggestions on additional fields which would be helpful please post.

    Read the article

  • alias not working on sql server 2008 r2

    - by Saba
    I have several servers with SQL Server 2008 R2 instances on them, and alias doesn't work on any of them. Clients connect to these servers using TCP/IP without any problem, telnet works on IP/Port I use for my alias, the firewall exceptions are created, basically everything works fine, except when I create an alias, I can not connect through it to my server using either TCP/IP or named pipes (local or one of other servers). I've installed latest cumulative updates, which updates native client too (which I think is the source of problem) and I still have the problem. The stranger part is, if I create an alias on a server with sql server 2005 (native client 9), I can connect to my 2008 r2 instances. Any suggestions?

    Read the article

  • Cumulative Update packages for SQL Server 2008 are available now: CU7 for SQL2008 SP2 and CU2 for SQL2008 SP3

    - by ssqa.net
    Another instalment of Cumulative Update package for SQL Server 2008 SP3 is available now, which is CU2 and the build number is known as 10.00.5768.00. As usual this CU2 for SQL2008 SP3 contains hotfixes for issues that were fixed after the release of SQL Server 2008 Service Pack 3 (SP3). KBA2633143 list the following article numbers about more information on the fixes: VSTS bug number KB article number Description 794387 2522893 (http://support.microsoft.com/kb/2522893/ ) FIX: A backup operation...(read more)

    Read the article

  • Microsoft SQL Server 2008 R2 Administration Cookbook - Book and eBook expected June 2011. Pre-order now!

    - by ssqa.net
    Over 85 practical recipes for administering a high-performance SQL Server 2008 R2 system. Book and eBook expected June 2011 . Pre-order now! Multi-format orders get free access on PacktLib , This practical cookbook will show you the advanced administration techniques for managing and administering a scalable and high-performance SQL Server 2008 R2 system. It contains over 85 practical, task-based, and immediately useable recipes covering a wide range of advanced administration techniques for administering...(read more)

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >