I am in the process of creating a "Related Items" feature for an online store. I have a SQL query that will pull a list of ITEMs from a Database and display them on the page but I'm trying to rig up system where the list will change depending on a few variables.
The code is below and the part I'm having trouble with is getting a usable string out of Query1 to be used as the 'results' variale in query 2.
Public Shared Function GetExtraProducts(ByVal strAddOnCat As String) As DataSet
Dim connect As New SqlConnection
Dim Data1 As New DataSet
Dim data2 As New DataSet
connect.ConnectionString = "SERVER = SERVER-SQL01; Trusted_Connection=yes; DATABASE=GlobalPCSQL"
connect.Open()
Dim query1 As String = ""
Dim query2 As String = ""
query1 = "SELECT StockID FROM dbo.ADDONLISTS WHERE SubCategory = 'Acer-Desktops'"
Dim command1 = New SqlDataAdapter(query1, connect)
command1.Fill(Data1)
If Data1.Tables(0).Rows.Count > 0 Then
query1 = "SELECT StockID FROM dbo.ADDONLISTS WHERE SubCategory = 'Generic'"
Dim command3 = New SqlDataAdapter(query1, connect)
command3.Fill(Data1, "StockID")
End If
Dim results As String = ""
For Each row In Data1.Tables(0).Rows
results += row.ToString() + "','"
Next
If results.Length > 2 Then
results = results.Substring(0, results.Length - 2)
End If
'results = "'HD12047' , 'TV12008'"
query2 = "SELECT stock_items.Stockcode, STOCK_GROUPS.XW_URL as stockgroup, STOCK_GROUP2S.XW_URL as stockgroup2, STOCK_MAINGROUP.XW_URL as stockmaingroup, stock_items.Stockcode as pID, stock_items.description as pName, stock_web.sales_html as pdescription, stock_web.picture_url as pImage, stock_web.picture_url as pLargeimage, stock_items.sellprice1 as pPrice, stock_items.SELLPRICE1, stock_items.SELLPRICE2, stock_items.SELLPRICE3, stock_items.SELLPRICE4, stock_items.SELLPRICE5, stock_items.SELLPRICE6, stock_items.SELLPRICE7, stock_items.SELLPRICE8, stock_items.SELLPRICE9, stock_items.status as itemtype, stock_items.SELLPRICE10 as pListPrice, stock_items.x_totalstock as pInStock, stock_items.x_webhits as pHits, stock_items.ISACTIVE, stock_items.WEB_SHOW, stock_items.X_WebBlub as X_WebBlurb, stock_items.x_webpromo as X_PROMOPAGE, stock_items.last_updated as lastupdated, stock_items.x_stockleveloverride, isnull(stock_items.Restricted_item,'N') as Restricted_item "
query2 += "FROM stock_items Left OUTER Join STOCK_WEB ON (stock_items.Stockcode = STOCK_WEB.Stockcode) LEFT OUTER JOIN STOCK_GROUPS ON (STOCK_GROUPS.GROUPNO = STOCK_ITEMS.STOCKGROUP) LEFT OUTER JOIN STOCK_GROUP2S ON (STOCK_GROUP2S.GROUPNO = STOCK_ITEMS.STOCKGROUP2) LEFT OUTER JOIN STOCK_MAINGROUP ON (STOCK_MAINGROUP.GROUPNO = STOCK_GROUPS.XW_MAINGROUP)"
query2 += "WHERE stock_items.ISACTIVE='Y' AND stock_web.picture_url IS NOT NULL "
query2 += "AND stock_items.Stockcode IN ('" + results + "')"
query2 += results
Dim command2 = New SqlDataAdapter(query2, connect)
command2.Fill(data2)
connect.Close()
Return data2
End Function
Everything works fine if I spoon feed the stock Id numbers into query 2 (in place of the ' + results + ' section, but when I try to use the string from query one all I get is
Incorrect syntax near 'System.Data.DataRow'
Which makes me think that even if I got the syntax sorted, it'l only search for System.Data.Datarow instead of the actual value of the field.
Any help would be appreciated.
A DataRow can contain many DataColumns. Even though your return DataRow contains only one DataColumn, you must still specify the DataColumn:
Dim results As String = ""
For Each row In Data1.Tables(0).Rows
results += row.Item(0).ToString() + "','" '<--- Added Item(0)'
Next
If results.Length > 2 Then
results = results.Substring(0, results.Length - 2)
End If
Also, double-check that you have an apostrophe for the first result. You might need:
Dim results As String = "'"
Finally, on an unrelated note, while the + operator can be used for string concatenation, I would recommend you use the & operator instead and only use + for numerical addition:
results &= row.Item(0).ToString() & "','" '<--- Added Item(0)'
Related
I am trying to create an sql query from options selected in a checkListBox. The user will select all of the modules they want (in the checklistbox) to include data from, it will then build the query to collect this data. They will also enter a range for a rating value that will be included in the query. I am very new to using sql so I am struggling to understand what operator is missing from the final query.
This is what I have at the moment:
Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
Dim h As Integer
Dim queryString As String
Dim moduleArray(6) As String
Dim counter As Integer = 0
Dim provider As String
Dim database As String
Dim connString As String
Dim moduleLen As Integer = 0
Dim moduleString As String = ""
Dim sqlquery As New OleDb.OleDbCommand
provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source ="
Change the following to your access database location
database = "C:\Users\mello_000\OneDrive\Google Drive\Computing\Exampapergenerator\users.accdb"
connString = provider & database
Dim myConnection As OleDbConnection = New OleDbConnection(connString)
myConnection.Open()
sqlquery.Connection = myConnection
For h = 0 To h = 6
For Each item As String In Me.CheckedListBox1.CheckedItems
moduleArray(moduleLen) = item
If moduleArray(moduleLen) = "" Then
Else
moduleLen = moduleLen + 1
End If
Next
Next
For i = 0 To moduleLen
If i = 0 Then
moduleString = "'" & moduleArray(i) & "'"
ElseIf i > 0 Then
moduleString = moduleString & "'OR'" + "'" & moduleArray(i) & "'"
End If
Next
queryString = ("SELECT QText FROM Question WHERE QModule = '" & moduleString & "' AND QRating BETWEEN '" & TextBox1.Text() & "'AND'" & TextBox2.Text())
sqlquery.CommandText = queryString
sqlquery.ExecuteNonQuery()
End Sub
However I am getting the output to be: "SELECT QText FROM Question WHERE QModule = ''C1''OR''C2'' AND QRating BETWEEN '1'AND'2"
and an error:
Syntax error (missing operator) in query expression 'QModule = ''C1''OR''C2'' AND QRating BETWEEN '1'AND'2'.
Also, what would be the best way of outputting all of the returned data in a numbered list, in a form that would be printable?
Why are you doing this For h = 0 To h = 6 instead of just For h = 0 To 6?
You don't need single quotes around "'OR'" just use " OR ".
And your SQL syntax is wrong. This QModule = ''C1''OR''C2'' either needs to be QModule = 'C1' OR QModule = 'C2' or a better way QModule IN ('C1','C2')
Assuming QRating is numeric, you don't need single quotes. This QRating BETWEEN '1'AND'2' should be QRating BETWEEN 1 AND 2.
Also you should look into using SQL parameters so you don't have to worry about quotes or escaping them if you have quotes in your data.
I am trying to run an SQL query in my vb.net application using a loop
SQL = "SELECT * FROM table WHERE "
For m = 1 To num_array
SQL = SQL & "type = '" & array(m, 1) & "' OR "
Next
but its showing an OR at the end.
how can i trim this last OR from my query?
This seems a job for a StringBuilder
Dim sql = new StringBuilder("SELECT * FROM table WHERE ")
For m = 1 To num_array
sql.Append("type = '" & array(m, 1) & "' OR ")
Next
If num_array > 0 Then
sql.Length -= 4
End If
However you should pay special care to your string concatenation. It seems that your array doesn't contain numbers but string because you are putting everything between single quotes and this means that your type field is a string not a number.
Of course I hope that your array content is not directly inserted by your user otherwise you have a big security risk called Sql Injection. Anyway look at how to build a parameterized query.
Something like this
Dim prms = New List(Of SqlParameter)()
Dim num_Array = 4
Dim sql = New StringBuilder("SELECT * FROM table WHERE ")
For m = 1 To num_array
sql.Append("type = #p" & m & " OR ")
prms.Add(New SqlParameter("#p" & m, array(m, 1)))
Next
If num_array > 0 Then
sql.Length -= 4
End If
Dim cmd = new SqlCommand(sql.ToString(), connection)
cmd.Parameters.AddRange(prms.ToArray())
I am trying to run this loop to run if the results continue to have rows. So basically if my sql statement continues to return a row on ssql = "SELECT TOP 1 * from [OrderHeader] Where ([IsisDownloadDate] is null or [IsisDownloadDate] = '')"
then run submit to webrequest, then return a value, then submit that value to the same row and update that column
So basically I just want it to keep updating the next row as long as ssql keeps returning rows, and if it does not return any rows then stop.
I got everything to work, besides the continuous looping issue
Here is the code:
Private Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click
Dim objDR As SqlClient.SqlDataReader
Dim objCommand As SqlClient.SqlCommand
Dim ConnectionString As String = "Data Source=localhost;Initial Catalog=datarep;user id=sa;password=test123;"
Dim objConnection As SqlClient.SqlConnection
Dim ssql As String
objConnection = New SqlClient.SqlConnection(ConnectionString)
ssql = "SELECT TOP 1 * from [OrderHeader] Where ([IsisDownloadDate] is null or [IsisDownloadDate] = '')"
If objConnection.State <> ConnectionState.Open Then
objConnection.Open()
End If
objCommand = New SqlClient.SqlCommand(ssql, objConnection)
objDR = objCommand.ExecuteReader(CommandBehavior.CloseConnection)
objCommand = Nothing
If objDR.HasRows Then
While objDR.Read()
Dim objSO As New WebReference.SalesOrder
Dim objBTAddr As New WebReference.BillToAddress
Dim objSTaddr As New WebReference.ShipToAddress
Dim objAddr As New WebReference.Address
Dim objPart() As WebReference.SalesOrderPart
Dim objMisc As New WebReference.SalesOrderMiscCharges
Dim objPayment As New WebReference.Payment
Dim objCreditCard As New WebReference.SalesOrderCreditCard
Dim objApproval As New WebReference.SalesOrderCreditCardApproval
objSO.OrderNumber = "69355522"
objSO.CompanyId = "301"
objSO.CustomerNumber = "5838303"
objSO.Code = "I"
objSO.PONumber = objDR("OrderNumber").ToString()
objSO.Source = "TAW.COM"
objSO.OrderDate = Format(Date.Now, "MM/dd/yy")
objSO.RequiredDate = Format(Date.Now, "MM/dd/yy")
objSO.ShipCode = "UPG"
objSO.EmployeeId = "1"
objAddr.Name = "José Peña,EPS H-1607"
objAddr.Address1 = "LÄRKGATAN 9"
objAddr.City = "Québec"
objAddr.Country = "US"
objAddr.State = "CA"
objAddr.Zip = "90220"
objSTaddr.Address = objAddr
'objSTaddr.Phone = "310-900-5509"
objBTAddr.AccountNumber = "595522"
objBTAddr.Address = objAddr
objSO.BillToAddress = objBTAddr
'turn on for .88
'objSO.ShipTo = objSTaddr
'objSO.ShipTo.Phone = objSTaddr.Phone
ReDim objPart(1)
objPart(0) = New WebReference.SalesOrderPart
objPart(0).PartNumber = "EVE510-621"
objPart(0).PartId = "EVE"
objPart(0).Quantity = 1
objPart(0).Price = 39.99
objPart(0).Description = "PWRAID SPCR"
objSO.Parts = objPart
Dim ws As New WebReference.WebServiceTyped
Dim result As WebReference.SubmitOrder = ws.SubmitSalesOrder(objSO)
Dim ordernum As String = result.OrderId
Dim s As String = "Data Source=localhost;Initial Catalog=datarep;user id=sa;password=test123;"
Dim sql As String
Dim con As New SqlConnection
con = New SqlConnection(s)
con.Open()
sql = "WITH UpdateList_view AS ( SELECT TOP 1 * from [OrderHeader] Where ([IsisDownloadDate] is null or [IsisDownloadDate] = '') ) update UpdateList_view set [IsisDownloadDate] = '" & result.OrderId & "'"
Dim cmd As New SqlClient.SqlCommand(sql, con)
cmd.ExecuteNonQuery()
con.Close()
End While
End If
objDR.Close()
objDR = Nothing
End Sub
Besides the whole, why would you want to do it this way issue, the problem is that you are only selecting one row. Your while loop goes through that singular row then exits. There are a lot of issues with this code though and I would recommend that you do not do it this way.
Let's go through the code a little bit. Let's say there are two rows that fit this criteria, row J and row 6. You select top 1 and you get row J back. Your If objDR.HasRows will evaluate to true and you will go into the while condition. After you read and update, you go back to the while condition. You already read row J and your vb.net code is not aware of what else is in the database, so we exit the while loop and exit the sub.
I recommend selecting all the rows that fit your criteria right off the bat. Selecting all of your data instead of top 1 will be better than selecting what you want one row at a time from the database because it is expensive to go out and connect to the database. Your way, you will be connecting to the database twice for each row that fits the criteria. My way, you will connect once for each row plus one more time at the beginning. If you are updating a lot of rows this will be a huge difference. Your sql should look more like
SELECT UniqueId from [OrderHeader] Where ([IsisDownloadDate] is null or [IsisDownloadDate] = '')
Now when you loop, you are going through all of the data. I also recommend that when you update the data make sure you use a parameter that will update the specific row you are looking at, some sort of unique id is usually best. In reality, you don't need a cte for this either. Something like:
sql = New SqlCommand("UPDATE UpdateList_view SET [IsisDownloadDate] = #OrderId WHERE UniqueId = #ID", dbConn)
sql.Parameters.AddWithValue("#OrderId", result.OrderId)
sql.Parameters.AddWithValue("#Id", objDR.GetInt32(0))
Note, objDR.GetInt32(0) would be setting the #Id parameter to the unique id that would be selected in the first sql query. Also, please please look at how I have added parameters to the sqlCommand. You should get into the habit of coding this way because update UpdateList_view set [IsisDownloadDate] = '" & result.OrderId & "'" leaves you open to sql injection.
Lastly, you may want to consider doing a sql bulk update rather than updating each row one at a time. This is probably a good place to start.
I need to see if a row exists in a DataTable where a field in the table (plan_code) matches a variable (strPlanCode). If it finds a match, it then obtains the value from another field in that row; if not, it writes the row to an error list. The direction I started with was to set up a DataTable like this:
Using daProduct As New OleDbDataAdapter("SELECT * FROM [product]", con)
Dim cbProduct = New OleDbCommandBuilder(daProduct)
cbExtract.QuotePrefix = "["
cbExtract.QuoteSuffix = "]"
Dim dtProduct = New DataTable
daProduct.Fill(dtProduct)
But no methods from there seem to work and I'm wondering if I shouldn't have gone down the DataAdapter/DataTable path.
Some of the ones I've tried are:
strSearch = "plan_code = " & strPlanCode
intProdRow = dtProduct.Select(strSearch)
and
intProdRow = dtProduct.SelectCommand(strSearch)
But none of these get a result and/or will compile.
The old code, which used ODBC to connect to an SQL Anywhere DB, looks like this:
ls_command = "select * from product"
selectCMD = New OdbcCommand(ls_command, connectDB)
selectCMD.CommandTimeout = 30
productDA.SelectCommand = selectCMD
productDA.Fill(clp_valDS, "product")
porductTBL = clp_valDS.Tables("product")
productTBL.PrimaryKey = New DataColumn() {productTBL.Columns("plan_code")}
productDR = productTBL.Rows.Find(ls_plan_code)
If (productDR Is Nothing) Then
ls_error_message = "Plan Code " + ls_plan_code + " not found"
GoTo ErrorHandler
Else
ls_secondary_guar = productDR("secondary_guar")
End If
I would use the following approach:
For Each row As System.Data.DataRow In dtProduct.Rows
if not row.item("plan_code") is DBNull.Value then
If row.Item("plan_code").ToString = strPlanCode Then
'do what you want with the matching row.
End If
end if
Next
I need to show the data from the column 'Purchaser' starting with the text entered in the textbox 'Purchaser' on the form. I am using MS Access 2003 database.
For this I am using the following...
Dim query = "SELECT * FROM Details WHERE [Purchaser] LIKE '" & Purchaser.Text & "*'"
Dim dc = New OleDbCommand(query, cn)
Dim rows = dc.ExecuteNonQuery
cn.Close()
If rows = 0 Then
'Show a form for new entry
Else
Dim oleadap = New OleDbDataAdapter(query, cn)
Dim dset As DataSet = Nothing
oleadap.Fill(dset, "Details")
For i = 0 To rows
Dim purName = dset.Tables("Details").Rows(i).Item("Purchaser").ToString
Dim purAddr = dset.Tables("Details").Rows(i).Item("Address").ToString
'Populate a list
Next
End If
The variable 'rows' always turns out to be zero even if I check for a Purchaser starting with, say A, in the database.
That should be:
Dim query = "SELECT * FROM Details WHERE [Purchaser] LIKE '" _
& Purchaser.Text & "%'"
In MS Access, the wild card is asterisk (*), outside of it, the wildcard is percent (%)
In addition, you have ExecuteNonQuery, but that is not true. You are executing a query, here are a few notes for testing.
Dim query = "SELECT * FROM Details WHERE [Purchaser] LIKE '" _
& Purchaser.Text & "%'"
Dim dc = New OleDbCommand(query, cn)
Dim rows As OleDb.OleDbDataReader
rows = dc.ExecuteReader
If rows.HasRows Then
Do While rows.Read()
Console.WriteLine(rows("Purchaser"))
Loop
End If
Console.ReadLine()
Can you use % instead of *. And another one, use parameter.
Dim query = "SELECT * FROM Details WHERE [Purchaser] LIKE #purc & '%' "
Dim dc = New OleDbCommand(query, cn)
dc.Parameters.AddWithValue("#purc", Purchaser.Text)
Dim rows = dc.ExecuteNonQuery