Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > query in ASP to SQL db

Reply
Thread Tools

query in ASP to SQL db

 
 
amatuer
Guest
Posts: n/a
 
      10-18-2006
<% Datum = "1/1/2005"
Datum = cdate(datum)
Datum2 = datum + 9


Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)

sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
& ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>

I am tryng to query some data according to dates...No matter hw I
change the format of the date variables, my recordset still returns no
data.

Any ideas, suggestions please. Any help will be gr8ly appreciated..thanx

 
Reply With Quote
 
 
 
 
Ray Costanzo [MVP]
Guest
Posts: n/a
 
      10-18-2006
Tell us what kind of database you're using; that's quite important.

Ray at work

"amatuer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> <% Datum = "1/1/2005"
> Datum = cdate(datum)
> Datum2 = datum + 9
>
>
> Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
> Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
>
> sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
> R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
> SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
> AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
> & ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
> R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>
>
> I am tryng to query some data according to dates...No matter hw I
> change the format of the date variables, my recordset still returns no
> data.
>
> Any ideas, suggestions please. Any help will be gr8ly appreciated..thanx
>



 
Reply With Quote
 
 
 
 
Bob Barrows [MVP]
Guest
Posts: n/a
 
      10-18-2006
amatuer wrote:
> <% Datum = "1/1/2005"
> Datum = cdate(datum)
> Datum2 = datum + 9
>
>
> Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
> Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
>
> sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
> R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
> SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
> AND (R_Reenval.Datum Between " & cdate(Datum) & " And " &
> cdate(Datum2) & ") Group By R_Reenval.NAAM, R_Reenval.Jaar,
> R_Reenval.Maand, R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar,
> Maand, Dag" %>
>
> I am tryng to query some data according to dates...No matter hw I
> change the format of the date variables, my recordset still returns no
> data.
>

If, by "SQL db" you mean MS SQL Server, then:

Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/...e36562fee7804e

Personally, I prefer using stored procedures:
http://tinyurl.com/jyy0


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


 
Reply With Quote
 
Daniel Crichton
Guest
Posts: n/a
 
      10-18-2006
amatuer wrote on 18 Oct 2006 02:58:03 -0700:

> <% Datum = "1/1/2005"
> Datum = cdate(datum)
> Datum2 = datum + 9
>
> Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
> Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
>
> sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
> R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
> SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
> AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
> & ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
> R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>
>
> I am tryng to query some data according to dates...No matter hw I
> change the format of the date variables, my recordset still returns no
> data.
>
> Any ideas, suggestions please. Any help will be gr8ly appreciated..thanx


Don't use MM-DD-YYYY format for a start, it's ambiguous (depending on the
region settings, the day or month number could be switched). And don't
reconvert the dates back to VB date format using CDate in the query
construction. If you insist on not using a stored procedure then use an
unambiguous date format such as YYYYMMDD.

Dan


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP.NET won't retrieve query results that depend on union query Eric Nelson ASP .Net 5 02-04-2009 10:51 PM
SQL Reference, SQL Queries, SQL help ecoolone ASP .Net 0 01-03-2008 10:58 AM
What Happened to Sql Enterprise Manager and Sql Query Analyser in Visual Studio 2005 Edward ASP .Net 4 04-10-2006 04:15 PM
Build dynamic sql query for JSTL <sql:query> Anonymous Java 0 10-13-2005 10:01 PM



Advertisments