Here's my SQL statement:
SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE (username = '" & request.servervariables("LOGON_USER") & "')
This code doesn't return any values. What have I done wrong?
Thanksi suggest you inspect the value of request.servervariables("LOGON_USER") to see if it's what you were expecting...|||Is its... it returns the username I have in the db but if won't pull the data. Is my SQL syntax correct?|||SQL syntax looks correct.
generate the sql statement into a string variable that you can get the value of.
then past the resulting string into SQL Query Analyzer and try to run it.|||Well, I've kind gone in a different direction. Here's my new code which won't work either. Please take a look and tell me what I'm supposed to put around the authUser code.
String authUser = User.Identity.Name;
this.sqlSelectCommand1.CommandText = "SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE (username = authUser)";
Thanks in advance. I really appreciate your help.|||That doesn't make any sense, authUser doesn't do anything there. Have yoi tried what the previous poster asked and run the SQL in Query Analyser?|||That's the problem, I'm not sure what characters I need to place around authUser to let ASP or whatever know that I'm trying to use a dynamic variable.|||You're just creating a string that is a valid SQL statement. As suggested, do this:
Create a string variable
Assign it the value of the SQL statement you're trying to build
Write that string out to the screen
Copy and paste it into Query Analyzer
Run it
Whatever you get back is what you should be getting back into your page. If you get a syntax error or nothing back, then you can figure out what's wrong from there. It's a pretty simple statement; it should be easy to troubleshoot in QA.|||Here's another way to do the same thing but once again I don't know how to get the variable string3 into SQL. I have the '&string3&' and that doesn't work. So I tried ' "&string3&" ' and then I get an error about &'s and strings. PLEASE HELP.
|||you shouldnt be using dynamic SQL strings, you should really be using parameters. it's safer.
string string1 = @.User.Identity.Name;
string string2 = @."(SEQUOIA\\)";
string string3 = Regex.Replace(string1, string2, "");this.sqlSelectCommand1.CommandText = "SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE (username = '&string3&')";
anyways, you need to wrap the string var in single quotes
ive added some extra whitespace so you can see it better
this.sqlSelectCommand1.CommandText = "SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE (username = ' " & string3 & " ' ) ";
the proper string without the extra whitespace is this:
this.sqlSelectCommand1.CommandText = "SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE (username = '" & string3 & "')";
of course, if your string var contains quote characters, you can have problems
and you're also susceptible to injection attacks when you use concatenated strings as SQL statements. read up on using parameters in your queries...|||Oh don't run before you can walk. Please just find Query Analyser and run...
SELECT username, vacation, sick, profit_sharing FROM tblUsername WHERE username = 'BOB'
and see what happens.|||I did the QA and it worked fine when I replaced the string3 with my username it came back with the info I requested.|||I pasted your code into the page and I got this error:
Operator '&' cannot be applied to operands of type 'string' and 'string'|||The "&" is a VB string contatenation operator.
replace it with whatever C# uses - isnt it a "+"|||i'm confused. c#'s case sensitive, so how is request.servervariables even rendered.
hah
No comments:
Post a Comment