How do we concatenate strings that may have nulls?
I'm getting the following error:
...when attempting to execute:
#blocks_merged =
SELECT
AN_52_ENC_CSN_ID AS an_53_enc_csn_id,
string.IsNullOrEmpty(ARTERIAL_LINE_BLOCK_START_TIME) ? ("ARTERIAL_LINE_BLOCK_START_TIME: " + ARTERIAL_LINE_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(BLOCK_PERIPHERAL_BLOCK_START_TIME) ? ("BLOCK_PERIPHERAL_BLOCK_START_TIME: " + BLOCK_PERIPHERAL_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(BLOCK_SPINAL_BLOCK_START_TIME) ? ("BLOCK_SPINAL_BLOCK_START_TIME: " + BLOCK_SPINAL_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(CENTRAL_LINE_BLOCK_START_TIME) ? ("CENTRAL_LINE_BLOCK_START_TIME: " + CENTRAL_LINE_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(CSE_BLOCK_START_TIME) ? ("CSE_BLOCK_START_TIME: " + CSE_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(SPINAL_DRAIN_BLOCK_START_TIME) ? ("SPINAL_DRAIN_BLOCK_START_TIME: " + SPINAL_DRAIN_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(TEE_BLOCK_START_TIME) ? ("TEE_BLOCK_START_TIME: " + TEE_BLOCK_START_TIME) :""
+string.IsNullOrEmpty(TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME) ? ("TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME: " + TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME) :"" AS BLOCK_START,
string.IsNullOrEmpty(ARTERIAL_LINE_BLOCK_END_TIME) ? ("ARTERIAL_LINE_BLOCK_END_TIME: " + ARTERIAL_LINE_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(BLOCK_PERIPHERAL_BLOCK_END_TIME) ? ("BLOCK_PERIPHERAL_BLOCK_END_TIME: " + BLOCK_PERIPHERAL_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(BLOCK_SPINAL_BLOCK_END_TIME) ? ("BLOCK_SPINAL_BLOCK_END_TIME: " + BLOCK_SPINAL_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(CENTRAL_LINE_BLOCK_END_TIME) ? ("CENTRAL_LINE_BLOCK_END_TIME: " + CENTRAL_LINE_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(CSE_BLOCK_END_TIME) ? ("CSE_BLOCK_END_TIME: " + CSE_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(SPINAL_DRAIN_BLOCK_END_TIME) ? ("SPINAL_DRAIN_BLOCK_END_TIME: " + SPINAL_DRAIN_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(TEE_BLOCK_END_TIME) ? ("TEE_BLOCK_END_TIME: " + TEE_BLOCK_END_TIME) :""
+string.IsNullOrEmpty(TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME) ? ("TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME: " + TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME) :"" AS BLOCK_END
FROM #blocks;
How do we concatenate strings that may have nulls?
The code is trying to concatenate the first string with the next comparation of your ternary operator list. Basically instead of evaluating the ternary operator, you are concatenating the boolean expression of it first.
Solution: Add extra parenthesis in your script:
#blocks_merged =
SELECT
AN_52_ENC_CSN_ID AS an_53_enc_csn_id,
(
(string.IsNullOrEmpty(ARTERIAL_LINE_BLOCK_START_TIME) ? ("ARTERIAL_LINE_BLOCK_START_TIME: " + ARTERIAL_LINE_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(BLOCK_PERIPHERAL_BLOCK_START_TIME) ? ("BLOCK_PERIPHERAL_BLOCK_START_TIME: " + BLOCK_PERIPHERAL_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(BLOCK_SPINAL_BLOCK_START_TIME) ? ("BLOCK_SPINAL_BLOCK_START_TIME: " + BLOCK_SPINAL_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(CENTRAL_LINE_BLOCK_START_TIME) ? ("CENTRAL_LINE_BLOCK_START_TIME: " + CENTRAL_LINE_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(CSE_BLOCK_START_TIME) ? ("CSE_BLOCK_START_TIME: " + CSE_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(SPINAL_DRAIN_BLOCK_START_TIME) ? ("SPINAL_DRAIN_BLOCK_START_TIME: " + SPINAL_DRAIN_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(TEE_BLOCK_START_TIME) ? ("TEE_BLOCK_START_TIME: " + TEE_BLOCK_START_TIME) : "")
+(string.IsNullOrEmpty(TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME) ? ("TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME: " + TRANSVENOUS_PACING_WIRE_BLOCK_START_TIME) : "")
) AS BLOCK_START,
(
(string.IsNullOrEmpty(ARTERIAL_LINE_BLOCK_END_TIME) ? ("ARTERIAL_LINE_BLOCK_END_TIME: " + ARTERIAL_LINE_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(BLOCK_PERIPHERAL_BLOCK_END_TIME) ? ("BLOCK_PERIPHERAL_BLOCK_END_TIME: " + BLOCK_PERIPHERAL_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(BLOCK_SPINAL_BLOCK_END_TIME) ? ("BLOCK_SPINAL_BLOCK_END_TIME: " + BLOCK_SPINAL_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(CENTRAL_LINE_BLOCK_END_TIME) ? ("CENTRAL_LINE_BLOCK_END_TIME: " + CENTRAL_LINE_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(CSE_BLOCK_END_TIME) ? ("CSE_BLOCK_END_TIME: " + CSE_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(SPINAL_DRAIN_BLOCK_END_TIME) ? ("SPINAL_DRAIN_BLOCK_END_TIME: " + SPINAL_DRAIN_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(TEE_BLOCK_END_TIME) ? ("TEE_BLOCK_END_TIME: " + TEE_BLOCK_END_TIME) : "")
+(string.IsNullOrEmpty(TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME) ? ("TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME: " + TRANSVENOUS_PACING_WIRE_BLOCK_END_TIME) : "")
) AS BLOCK_END
FROM #blocks;
Extra parenthesis might seem redudant at times but they help organize your code and make sure the operations are done in the right order.
Related
Am I able to use a dynamic date range for the "where" parameter? I'd like to get all the data changed in the last 30 mins.
All I can find in the documentation is using static dates:
https://developer.xero.com/documentation/api/requests-and-responses
You could try using the query string in the Where Clause.
For Ex.
string querystr = "Date >= " +
"DateTime(" + dateFrom.Year.ToString() + ",
" + dateFrom.Month.ToString() + ", " + dateFrom.Day.ToString() + ") " +
"&& Date <= " +
"DateTime(" + dateTo.Year.ToString() + ", "
+ dateTo.Month.ToString() + ", " + dateTo.Day.ToString() + ")";
Passing this querystring to retrieve user defined date rage Invoices
Please see my pictures. I have store.And i want search (filter) in my store . "Hrubka is in English "Thickness"
These code works for me:
using (SqlDataAdapter dr = new SqlDataAdapter(" select * from tab_sklad where SMENA LIKE '%" + txt_smena_sklad_filter.Text +
"%'and DATUM LIKE '%" + txt_datum_sklad_filter.Text +
"%'and DODAVATEL LIKE '%" + cmb_firma_sklad_filter.Text +
"%'and CISLO_PALETY LIKE '%" + txt_paleta_sklad_filter.Text +
"%'and HRUBKA LIKE '%" + txt_hrubka_sklad_filter.Text +
"%'and KVALITA LIKE '%" + cmb_kvalita_sklad_filter.Text +
"%'and DRUH LIKE '%" + cmb_druh_sklad_filter.Text +
"%'", cn))
{
but I want add search "from to" : column "H"
SAMPLE:
between
from 40 to 50
Image
printscreen mycode
In general, when you are constructing queries, you should print out the query. Then the error is probably obvious.
Before even continuing, I also want to point out that you should be using parameterized queries. That has nothing to do with your issue, but it is the best practice.
Your last condition is:
HRUBKA BETWEEN VALUES'%" + txt_sklad_od.Text "%'AND'% " + txt_sklad_do.Text+"'"
You are using percent signs in the comparison values and have the keyword VALUES in an inappropriate place. I suspect that you intend some sort of wild-carding, such as with LIKE, but this is not how that works. For your current query structure you would remove the percent signs:
HRUBKA BETWEEN '" + txt_sklad_od.Text "' AND '" + txt_sklad_do.Text+"'"
Using #Gordon Linoff answer I wish to add some more edits to your code.
Your code isn't "injection safe" (check SQL Injection here). I also don't understand the use of BETWEEN here... Is HRUBKA a number field? (Int, float, numeric, etc)
If HRUBKA is a number it would be like:
double sklad_od = 0, sklad_do = 0;
using (SqlDataAdapter dr = new SqlDataAdapter(" select * from tab_sklad "
"where SMENA LIKE '%" + String.IsNullOrEmpty(txt_smena_sklad_filter.Text) ? "'" : (txt_smena_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DATUM LIKE '%" + String.IsNullOrEmpty(txt_datum_sklad_filter.Text) ? "'" : (txt_datum_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DODAVATEL LIKE '%" + String.IsNullOrEmpty(cmb_firma_sklad_filter.Text) ? "'" : (cmb_firma_sklad_filter.Text.Replace("'", "''") + "%'") +
" and CISLO_PALETY LIKE '%" + String.IsNullOrEmpty(txt_paleta_sklad_filter.Text) ? "'" : (txt_paleta_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_hrubka_sklad_filter.Text) ? "'" : (txt_hrubka_sklad_filter.Text.Replace("'", "''") + "%'") +
" and KVALITA LIKE '%" + String.IsNullOrEmpty(cmb_kvalita_sklad_filter.Text) ? "'" : (cmb_kvalita_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DRUH LIKE '%" + String.IsNullOrEmpty(cmb_druh_sklad_filter.Text) ? "'" : (cmb_druh_sklad_filter.Text.Replace("'", "''") + "%'") +
(double.TryParse(txt_sklad_od.Text, out sklad_od) && double.TryParse(txt_sklad_do.Text, out sklad_do) ? (" and HRUBKA BETWEEN " + sklad_od + " AND " + sklad_do) : "") +
" ", cn))
Otherwise :
using (SqlDataAdapter dr = new SqlDataAdapter(" select * from tab_sklad "
"where SMENA LIKE '%" + String.IsNullOrEmpty(txt_smena_sklad_filter.Text) ? "'" : (txt_smena_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DATUM LIKE '%" + String.IsNullOrEmpty(txt_datum_sklad_filter.Text) ? "'" : (txt_datum_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DODAVATEL LIKE '%" + String.IsNullOrEmpty(cmb_firma_sklad_filter.Text) ? "'" : (cmb_firma_sklad_filter.Text.Replace("'", "''") + "%'") +
" and CISLO_PALETY LIKE '%" + String.IsNullOrEmpty(txt_paleta_sklad_filter.Text) ? "'" : (txt_paleta_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_hrubka_sklad_filter.Text) ? "'" : (txt_hrubka_sklad_filter.Text.Replace("'", "''") + "%'") +
" and KVALITA LIKE '%" + String.IsNullOrEmpty(cmb_kvalita_sklad_filter.Text) ? "'" : (cmb_kvalita_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DRUH LIKE '%" + String.IsNullOrEmpty(cmb_druh_sklad_filter.Text) ? "'" : (cmb_druh_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_sklad_do.Text) ? "'" : (txt_sklad_do.Text.Replace("'", "''") + "%'") +
" ", cn))
Right now I am using the following code to generate the WHERE clause in my query. I have a parameter for the search column (searchColumn) plus another parameter from a checked listbox that I use.
If no item is checked there is no WHERE clause at all.
Is it possible to put this into a parameterized query? For the second part there's most likely a way like searchColumn NOT IN ( ... ) where ... ist the data from an array. Though I am not sure how to handle the case when there's nothing checked at all.
Any thoughts or links on this?
strWhereClause = "";
foreach (object objSelected in clbxFilter.CheckedItems)
{
string strSearch = clbxFilter.GetItemText(objSelected);
if (strWhereClause.Length == 0)
{
strWhereClause += "WHERE (" + searchColumn + " = '" + strSearch + "' "
+ "OR " + searchColumn + " = '" + strSearch + "') ";
}
else
{
strWhereClause += "OR (" searchColumn " = '" + strSearch + "' "
+ "OR " + searchColumn + " = '" + strSearch + "') ";
}
}
It sounds like you're just trying to dynamically build a parameterized query string using C#. You're halfway there with your code - my example below builds up a dictionary with paramter names and parameter values, which you can then use to create SqlParamters. One thing I'm not 100% sure about is where searchColumn is coming from - is this generated from user input? That could be dangerous, and parameterizing that would require using some dynamic SQL and probably some validation on your part.
strWhereClause = "";
Dictionary<string, string> sqlParams = new Dictionary<string, string>();
int i = 1;
string paramName= "#p" + i.ToString(); // first iteration: "#p1"
foreach (object objSelected in clbxFilter.CheckedItems)
{
string strSearch = clbxFilter.GetItemText(objSelected);
if (strWhereClause.Length == 0)
{
strWhereClause += "WHERE (thisyear." + strKB + " = #p1 OR " + searchColumn + " = #p1) ";
sqlParams.Add(paramName, strSearch);
i = 2;
}
else
{
paramName = "#p" + i.ToString(); // "#p2", "#p3", etc.
strWhereClause += "OR (" searchColumn " = " + paramName + " "OR " + searchColumn + " = " + paramName + ") ";
sqlParams.Add(paramName, strSearch);
i++;
}
}
Then, when parameterizing your query, just loop through your dictionary.
if (sqlParams.Count != 0 && strWhereclause.Length != 0)
{
foreach(KeyValuePair<string, string> kvp in sqlParams)
{
command.Parameters.Add(new SqlParamter(kvp.Name, SqlDbType.VarChar) { Value = kvp.Value; });
}
}
For reference only:
string strWhereClause;
string searchColumn;
string strKB;
SqlCommand cmd = new SqlCommand();
private void button1_Click(object sender, EventArgs e)
{
strWhereClause = "";
int ParmCount = 0;
foreach (object objSelected in clbxFilter.CheckedItems)
{
string strSearch = clbxFilter.GetItemText(objSelected);
ParmCount += 1;
string strParamName = "#Param" + ParmCount.ToString(); //Param1→ParamN
cmd.Parameters.Add(strParamName, SqlDbType.NVarChar);
cmd.Parameters[strParamName].Value = strSearch;
if (strWhereClause.Length == 0)
{
strWhereClause += "WHERE (thisyear." + strKB + " = " + strParamName + " "
+ "OR " + searchColumn + " = " + strParamName + ") ";
}
else
{
strWhereClause += "OR (thisyear." + strKB + " = " + strParamName + " "
+ "OR " + searchColumn + " = " + strParamName + ") ";
}
}
}
I am trying to run this Query in my VB Application but receive an error saying:
unable to cast object of type 'system.string' to type 'system.iformatprovider'
SQL = "insert into billing_pdf_archive (reseller_sequence, invoice_number, pdf, worddoc, csv_cdr_file, csv_services_file, sub_total, vat_amount, grand_total, invoice_type, directdebit) values ('" + reseller.ToString + "','" + invoice_number.ToString + "', '" + Replace(reseller_company_name + "-" + invoice_number + ".pdf", " ", "_") + "', '" + Replace(reseller_company_name + "-" + invoice_number + ".doc", " ", "_") + "', '" + Replace(reseller_company_name + "-" + invoice_number.ToString + "_CDR.xlsx", " ", "_") + "', '" + Replace(reseller_company_name + "-" + invoice_number.ToString + "_Services.xlsx", " ", "_") + "', " + total.ToString("F2") + ", " + vat_amount.ToString("F2") + ", " + grand_total.ToString("F2") + ", 'Month End Reseller', '" + customer_direct_debit + "')"
conn3.ConnectionString = "server=" + global_variables.web_server_ip + "; user id=" + global_variables.web_server_username + "; password=" + global_variables.web_server_password + "; database=" + global_variables.web_server_database + "; "
conn3.Open()
myCommand3.Connection = conn3
myCommand3.CommandText = SQL
myCommand3.ExecuteNonQuery()
conn3.Close()
This is not a complete answer but I'll post it as an answer so that I can post formatted code. If you do as suggested in the comments and write clean, readable code then it will become obvious where the issue is and how to fix it. When you have one line that does lots of different things then working out what on that line is causing an issue is all but impossible. You should use an XML literal for your SQL code, parameters for your values and a connection string builder, e.g.
Dim sql = <sql>
INSERT INTO MyTable
(
Column1,
Column2
)
VALUES
(
#Column1,
#Column2
)
</sql>
command.CommandText = sql.Value
command.Parameters.AddWithValue("#Column1", value1)
command.Parameters.AddWithValue("#Column2", value2)
Dim builder As New SqlConnectionStringBuilder
builder.DataSource = server
builder.InitialCatalog = database
connection.ConnectionString = builder.ConnectionString
Now you'll be able to see exactly what part of your code is causing the issue and, if you still can't solve it yourself, will be able to point out where the issue is to us instead of expecting us to read that dog's breakfast.
I know similar questions has been before but I just couldn't quite understand them, still very new to SQL and wanting to get the solution as well as understanding why it wouldn't work originally.
sql = "UPDATE e " +
"SET " +
"e.Operator = '" + emp.Operator + "', " +
"e.LoginName = '" + emp.Login + "', " +
"e.Active = " + (emp.Active == true ? 1 : 0) + "," +
"e.Position = '" + emp.Position + "', " +
"p.Admin = " + (emp.Permission.Admin == true ? 1 : 0) + "," +
"p.Manager = " + (emp.Permission.Manager == true ? 1 : 0) + "," +
"p.Overtime = " + (emp.Permission.Overtime == true ? 1 : 0) + "," +
"p.TimeInLieu = " + emp.Permission.TimeInLieu + " " +
"FROM Employee e INNER JOIN Permissions p " +
"ON e.PermissionID = p.PermissionID AND e.Operator = '" + employee + "'";
when trying to execute the command I get this error.
The multi-part identifier "p.Admin" could not be bound.
Any help would be greatly received.