Dummy in SQL here needing to update an extended property of a stored procedure. Can only find info on updating table contents, not properties.
Needing to send a query to a database from a C# function.
It would read something like;
string query = "Update StoredProcedureName SET caption = 'newValue' WHERE caption = 'oldValue' "
Where caption is the name of an extended property.
here you can find info about how to update an extended property
https://msdn.microsoft.com/en-us/library/ms186885.aspx
example :
string query = "EXEC sp_updateextendedproperty ";
query += " #name = N'Caption' ";
query += " ,#value = 'newValue.' ";
query += " ,#level0type = N'Schema', #level0name = dbo ";
query += " ,#level1type = N'Procedure', #level1name = STOREDPROCNAME ";
query += " ,#level2type = N'Property', #level2name = Caption; ";
than send your query to your database as you did before
Related
I have written this query:
String sql = "Update db " +
"SET LName = '"+txtLName.getText()+"'," +
"ATC_Code = '"+txtATCcode.getText()+"'," +
"ATC_Name= '"+txtATCname.getText()+"'," +
"Course_Name = '"+txtCourseName.getText()+"'," +
"Course_Fee = '"+txtCourseFee.getText()+"'," +
"Where FName = '"+txtFName.getText()+"' ";
And I got an error like:
Malformed SQL Statement: Expected ',', found 'Anuja'`.
Statement:Update db SET LName = 'df',ATC_Code = '323',ATC_Name= 'sd',Course_Name = 'd',Course_Fee = '534',Where FName = 'Anuja'
Remove last , for Set statement:
String sql = "Update db " +
"SET LName = '"+txtLName.getText()+"'," +
"ATC_Code = '"+txtATCcode.getText()+"'," +
"ATC_Name= '"+txtATCname.getText()+"'," +
"Course_Name = '"+txtCourseName.getText()+"'," +
"Course_Fee = '"+txtCourseFee.getText() + //here does not need '
"Where FName = '"+txtFName.getText()+"' ";
On a side note, this kind of sql command generation(concatenating strings that contains some values) are suspect to SQL injection attacks, to prevent this type of attacks, use paramaters and set the parameters values instead. See SQL injection for more information.
Update db
SET LName = 'df',
ATC_Code = '323',
ATC_Name= 'sd',
Course_Name = 'd',
Course_Fee = '534',
Where FName = 'Anuja'
Only will change remove last comma ','
Update db
SET LName = 'df',
ATC_Code = '323',
ATC_Name= 'sd',
Course_Name = 'd',
Course_Fee = '534'
Where FName = 'Anuja'
I try to prevent SQL injection in SQL query. I used following code to do it but unfortunately I faced some problem. The query is not running in oracle DB:
strQuery = #"SELECT PASSWORD FROM IBK_USERS where upper(user_id) =upper(:UserPrefix) AND user_suffix=:UserSufix AND STATUS_CODE='1'";
//strQuery = #"SELECT PASSWORD FROM IBK_CO_USERS where user_id = '" + UserPrefix + "' AND user_suffix='" + UserSufix + "' AND STATUS_CODE='1'";
try
{
ocommand = new OracleCommand();
if (db.GetConnection().State == ConnectionState.Open)
{
ocommand.CommandText = strQuery;
ocommand.Connection = db.GetConnection();
ocommand.Parameters.Add(":UserSufix", OracleDbType.Varchar2,ParameterDirection.Input);
ocommand.Parameters[":UserSufix"].Value = UserSufix;
ocommand.Parameters.Add(":UserPrefix", OracleDbType.Varchar2,ParameterDirection.Input);
ocommand.Parameters[":UserPrefix"].Value = UserPrefix.ToUpper();
odatareader = ocommand.ExecuteReader();
odatareader.Read();
if (odatareader.HasRows)
{
Your parameters shouldn't contain the semicolon :. This is just an indicator in your query that the variable that follows is a parameter, but you don't have to supply that on the .NET side:
ocommand.Parameters["UserSufix"] = ...
Here is my Code:
Dim CompanyName, _
CompanyDomain, _
CompanyEmail, _
CompanySupportPhone
Call GetEmailList
Sub GetEmailList
dim sql
dim companydata
sql = ""
sql = sql & " DECLARE #CompanyName VARCHAR(100);"
sql = sql & " DECLARE #CompanyDomain VARCHAR(100);"
sql = sql & " DECLARE #CompanyActivityEmail VARCHAR(100);"
sql = sql & " DECLARE #CompanySupportPhone VARCHAR(100);"
sql = sql & " SELECT"
sql = sql & " #CompanyName = CASE WHEN Setting = 'CompanyName'"
sql = sql & " THEN StringValue ELSE #CompanyName END,"
sql = sql & " #CompanyDomain = CASE WHEN Setting = 'CompanyDomain'"
sql = sql & " THEN StringValue ELSE #CompanyDomain END,"
sql = sql & " #CompanyActivityEmail = CASE WHEN Setting = 'CompanyActivityEmail'"
sql = sql & " THEN StringValue ELSE #CompanyActivityEmail END,"
sql = sql & " #CompanySupportPhone = CASE WHEN Setting = 'CompanySupportPhone'"
sql = sql & " THEN StringValue ELSE #CompanySupportPhone END"
sql = sql & " FROM ClientSettings"
sql = sql & " WHERE Setting in ('CompanyDomain','CompanyActivityEmail','CompanySupportPhone','CompanyName')"
sql = sql & " SELECT ISNULL(#CompanyName, '') AS CompanyName, ISNULL(#CompanyDomain, '') AS CompanyDomain, ISNULL(#CompanyActivityEmail, '') AS CompanyEmail, ISNULL(#CompanySupportPhone, '') AS CompanySupportPhone"
set companydata = getRecordset(sql)
CompanyName = companydata("CompanyName") ' LINE 80
CompanyDomain = companydata("CompanyDomain")
CompanyEmail = companydata("CompanyEmail")
CompanySupportPhone = companydata("CompanySupportPhone")
companydata.Close
Set companydata = Nothing
End Sub
This throws an error:
Line 80
Item cannot be found in the collection corresponding to the requested
name or ordinal.
I marked line 80 above. I run this exact same SQL in SQL Server Manager and it returns results:
CompanyName CompanyDomain CompanyEmail CompanySupportPhone
MyCompanyName http://localhost MyCompanyName#email.com 801-555-1212
Any idea what I am doing wrong here?
GetRecordSet correctly loads and processes the database call, this function works in 1,000 other places. I'm sure the problem isn't there.
Add
sql = sql & " SET NOCOUNT ON;"
as the first SQL statement.
SET NOCOUNT ON usage
I'm getting a syntax error in this SQL, and can't seem to figure out why?
The SQL UPDATE returns this on the error:
UPDATE Tankstationer
SET Long='12.5308724', Lat='55.6788735'
WHERE Id = 2;
Here's my code:
foreach (var row in reader)
{
var id = reader.GetInt32(0);
var adress = reader.GetString(1);
var zip = reader.GetDouble(2);
var city = reader.GetString(3);
var adressToParse = adress + " " + zip + " " + city;
GMapGeocoder.Containers.Results result = Util.Geocode(adressToParse, key);
foreach (GMapGeocoder.Containers.USAddress USAdress in result.Addresses )
{
var google_long = convertNumberToDottedGoogleMapsValid(USAdress.Coordinates.Longitude);
var google_lat = convertNumberToDottedGoogleMapsValid(USAdress.Coordinates.Latitude);
Message.Text = "Lattitude: " + google_long + System.Environment.NewLine;
Message.Text = "Longitude: " + google_lat + System.Environment.NewLine;
string updatesql = "UPDATE Tankstationer SET Long='" +google_long+ "', Lat='" +google_lat+ "' WHERE Id = " +id+"";
OleDbCommand update = new OleDbCommand();
update.CommandText = updatesql;
update.Connection = conn;
reader = update.ExecuteReader();
Message.Text = "Done";
}
}
The error is probably because you are executing a reader, but your query does not return anything. Call update.ExecuteNonQuery() instead.
"Long" is a reserved word in Access. If you can't change the schema to call that column something else, put it in brackets:
UPDATE Tankstationer
SET [Long]='12.5308724', Lat='55.6788735'
WHERE Id = 2;
try using update.ExecuteNonQuery() instead of reader.
Saw other comments too late.
I don't use access often, but mine it's using <"> for text delimiter, not <'>
Try:
"id" is being set to Int32 (var id = reader.GetInt32(0);) but you are concatenating it to a string (WHERE Id = " +id+"";). Make sure that id is cast as a string value and not an int.
I am executing Dynamic SQL,
sqlQuery = " SELECT ";
sqlQuery += _Allowed + " , ";
sqlQuery += " + cast( ";
sqlQuery += " _ID as nvarchar ) ";
sqlQuery += " FROM ";
sqlQuery += " TBL_SUCCESS ";
when i execute it suppose to return common separated values like 2,4,5 in single column
instead it return values in separate column
my MyDataTable suppose to populate
Column1
2,4,5
but it populates
column1 column2 column3
2 4 5
How to get the output?
Need to see the value of _Allowed to know what else is happening, but you need to at least put quotes around the comma and concatenate it inside the SQL statement, like this:
sqlQuery += _Allowed + " + ' , ' ";