how to write , separated query

Question

0.00/5 (No votes)

See more:

C#

"select TaskTimeIn,RIGHT(CONVERT(VARCHAR,TaskTimeIn,100),7)as TimeIn,TaskTimeOut,RIGHT(CONVERT(VARCHAR,TaskTimeOut,100),7)as TimeOut, TaskDescription FROM DailyTimeSheetTrackers where  EmployeeId='" + UserLog.UserId + "'',' CreateDateTime='"+StaticKeys.getLocaleDatefromUTC()+"'"

I have some confusion about this query can you please correct this query

Posted 15-Dec-15 21:40pm

Member 12097108

Add a Solution

Comments

aarif moh shaikh 16-Dec-15 4:07am

What you mean by Separated Query?? and why?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2015-12-15T22:07:00

Solution 1

No, we can't - we have no idea what it is meant to do that it doesn't, much less what it doesn't do that you think it should.

But...do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

C#

using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand cmd = new SqlCommand("SELECT TaskTimeIn,RIGHT(CONVERT(VARCHAR,TaskTimeIn,100),7) AS TimeIn,TaskTimeOut,RIGHT(CONVERT(VARCHAR,TaskTimeOut,100),7) AS TimeOut, TaskDescription FROM DailyTimeSheetTrackers where  EmployeeId=@ID AND CreateDateTime=@CT", con))
        {
        cmd.Parameters.AddWithValue("@ID", UserLog.UserId);
        cmd.Parameters.AddWithValue("@CT", StaticKeys.getLocaleDatefromUTC());
        ...
        }
    }

It may even fix your problem...

Posted 15-Dec-15 22:07pm

OriginalGriff

Comments

Member 12097108 16-Dec-15 4:44am

Hello Sir...
DateTime date=StaticKeys.getLocaleDatefromUTC();
string constr = ConfigurationManager.AppSettings["Main.ConnectionString"];
using (SqlConnection con = new SqlConnection(constr))
{
con.Open();
using (SqlCommand cmd = new SqlCommand("select CONVERT(VARCHAR CreateDateTime,105)AS LoginDate, TaskTimeIn,RIGHT(CONVERT(VARCHAR,TaskTimeIn,100),7)as TimeIn,TaskTimeOut,RIGHT(CONVERT(VARCHAR,TaskTimeOut,100),7)as TimeOut, TaskDescription FROM DailyTimeSheetTrackers where EmployeeId=@ID AND CreateDateTime=@CT", con))
{
cmd.Parameters.AddWithValue("@ID", UserLog.UserId);
cmd.Parameters.AddWithValue("@CT", date);
using (SqlDataAdapter da = new SqlDataAdapter())
{
cmd.Connection = con;
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
GridView2.DataSource = ds;
GridView2.DataBind();
}
}
}
This is my code.

Incorrect syntax near 'CreateDateTime'. I was get this kind of error I dont how can i solve it.

OriginalGriff 16-Dec-15 4:50am

Commas are important:
CONVERT(VARCHAR CreateDateTime,105)
Should be
CONVERT(VARCHAR,CreateDateTime,105)

Member 12097108 16-Dec-15 5:00am

Thank you sir..

OriginalGriff 16-Dec-15 5:08am

You're welcome!

Member 12097108 16-Dec-15 5:13am

Sir I have one question.
according to this coding that i have posted .gridview display record now just i want to display last inserted 10 record so how can i implement in this coding.
can you help me or hint for it.

OriginalGriff 16-Dec-15 10:07am

How do you think?
First you need to order the records - because if you don't there is no "first" or "last" records.
so use ORDER BY ... DESC to give you the latest records first, then use TOP n to select just the number you want.

Member 12097108 17-Dec-15 5:16am

sir I have in very big problem.
by mistake I have deleted all record from database.please help me how can i take it back all record..please

OriginalGriff 17-Dec-15 5:38am

There is a good chance you can't - it depends on a number of factors.
So do nothing - it is quite likely that anything you do do will make things worse.
Go to your boss and tell him exactly what happened. He may have backups, log files, and the other stuff which makes it possible - but if you do further damage it may make it impossible to fix.
If this is the production DB then he is going to notice damn quick anyway - so run and tell him before the "shouty phone calls" start.
If this is your dev DB, then it's a less of a problem - you can recreate your data of clone it from the production DB.

You do keep good backups, don't you?

Member 12097108 17-Dec-15 5:49am

sir my database on live ftp server.If you have any kind of way to restore this record please help me for this.

OriginalGriff 17-Dec-15 6:02am

What the heck were you doing working with the live DB? :OMG:
Seriously - go to your boss *NOW*. Run, do not walk.
He is going to find out anyway, and if you pre-empt the news you mitigate the damage you have done, and hopefully reduce his (justifiable) anger.
It may be that he has daily backups you don;t know about, or that he has logging that you can't access. But he is the one you need to talk to, not me.