Click here to Skip to main content
15,892,927 members
Search within:


getting different results from below two sql commands however output of 1171 rows required. Solution will be appreciated. Thanks in advance.
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
SQL
server
SQL
declare @FromDate varchar(20)='01-02-2010',@ToDate varchar(20)='31-12-2012'
set dateformat dmy

1.
select * From View_getReportFullDataDump
where cast(cast(Convert(datetime,[Date of Intimation to Vigilance]) as float) as int) Between cast(Cast(CAST(@FromDate   as datetime) as float) as int) and  cast(Cast(CAST(  @ToDate   as datetime) as float) as int)
Order By CaseUIDNo

output - 1171 rows

2.
execute('select * From View_getReportFullDataDump' +
			' where cast(cast(Convert(datetime,[Date of Intimation to Vigilance]) as float) as int) Between cast(Cast(CAST(' + @FromDate + ' as datetime) as float) as int) and  cast(Cast(CAST(' + @ToDate + ' as datetime) as float) as int)' + 
			 ' Order By CaseUIDNo')

output - 0 rows
Posted
Updated 27-Mar-15 2:47am
v3
Add a Solution
Comments
Suvendu Shekhar Giri 27-Mar-15 8:46am    
Just a suggestion: For parameterised sql queries it's recommended to use sp_executesql instead of execute
Richard Deeming 27-Mar-15 9:12am    
Don't store date values as strings; use one of the date types[^] provided by SQL.

And, as the previous commenter said, don't use string concatenation to build a query. Use sp_executesql[^], and pass the parameters as parameters.
CHill60 27-Mar-15 9:13am    
If you change that execute to Print you can examine the query that you are trying to run in section 2. Look at the dates - do they look alright to you?
John C Rayan 27-Mar-15 12:28pm    
Clearly this query is different from the 1st one.
2.
execute('select * From View_getReportFullDataDump' +
' where cast(cast(Convert(datetime,[Date of Intimation to Vigilance]) as float) as int) Between cast(Cast(CAST(' + @FromDate + ' as datetime) as float) as int) and cast(Cast(CAST(' + @ToDate + ' as datetime) as float) as int)' +
' Order By CaseUIDNo')

@FromDate and @ToDate should be part of the SQL but you are concatenating the values of them rather than the variables as such. Hope you understand what I am saying. If not shout.

1 solution

Your concatenated execute doesn't have single quotes for your date strings.

Change

SQL
'cast(Cast(CAST(' + @FromDate + ' as datetime) as float) as int)'


To

SQL
'cast(Cast(CAST(''' + @FromDate + ''' as datetime) as float) as int)'


And repeat for to date

What you're currently trying to execute is:

SQL
cast(Cast(CAST(31-12-2012 as datetime) as float) as int)


I'm surprised you're not getting an error.

But this type of SQL execution is dangerous.

I could potentially use your application to submit this:

SQL
';DELETE FROM ReportData;'


The semi colon would terminate the first part of the statement, which would error, and then it would run my delete command.

This type of attack is known as an SQL Injection attack.

Using sp_ExecuteSQL would allow you to safely pass your parameters into your dynamic SQL.

Info on SQL Injections

https://www.owasp.org/index.php/SQL_Injection[^]

Info on sp_ExecuteSQL vs Execute and using parameters

Building Dynamic SQL In a Stored Procedure[^]
 
Share this answer
 
Posted
Updated 27-Mar-15 7:05am
v4
Comments
Richard Deeming 27-Mar-15 13:23pm    
The reason you don't get an error is due to the way SQL converts numbers to datetime.

31-12-2012 is treated as 31 - 12 - 2012 = -1993. SQL treats datetime as the number of days since 1st January 1900, so -1993 is converted to 18th July 1894.
Sneha Bhushan 30-Mar-15 0:59am    
i tried as suggested and it worked. thanks a ton.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to get two results for the SQL query
Sql query to get data which has same id in multiple rows with different state
Sql Query to get required output
SQL date difference between rows
Wired result in two float number different result
Why at commands give different results on different devices
How do I return values on the required column in the final table as below
sql distinct command improper result
Substring command in SQL server is giving different output on 2 different SQL server databases
Console output different results

Advertise
Privacy
Cookies
Terms of Use
Last Updated 27 Mar 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900