ASP Classic SQL Query does not work as intended - sql

I am using ASP within HTML to create a website.
On one of my pages the SQL query
sqlString = "SELECT * FROM Property_Details WHERE " &_
" Price BETWEEN '" & minPrice & "' AND '" & maxPrice & "' " &_
"OR Address_2 LIKE '" & searchFor & "' "
is used to search a database and display the correct entries based on what was on a form. This works for the Address_2 part of the query but the BETWEEN is not working correctly.
minPrice and maxPrice are all declared earlier and the correct form data is being taken, as I have tested it with <%= minPrice %>. What am I missing?

I think your minPrice and maxPrice are numbers, so you don't need apostrophes. Currently with your query you are getting SQL similar to this:
SELECT * FROM Property_Details
WHERE Price BETWEEN '10' AND '20'
Since 10 and 20 are numbers, you should not use ' around them. Try changing your query to the following:
sqlString = "SELECT * FROM Property_Details WHERE " &_
" Price BETWEEN " & minPrice & " AND " & maxPrice & " " &_
"OR Address_2 LIKE '" & searchFor & "' "
Just as a side note - I don't know where minPrice, maxPrice and searchFor are coming from, but if they come from user input you could be vulnerable to SQL injection attacks.
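
The parameterized form of the query that the side note above points toward, as an added example that is not part of the original answer. It assumes `conn` is an open ADODB.Connection (a hypothetical name), that Price is a numeric column, and that minPrice, maxPrice and searchFor hold the form values from the question; `SearchProperties` is a hypothetical helper.

```vbscript
<%
' Added example, not code from the question or the answer.
' ADO constants, declared here so no adovbs.inc include is needed.
Const adCmdText = 1
Const adParamInput = 1
Const adDouble = 5
Const adVarChar = 200

' Hypothetical helper: runs the Property_Details search with bound
' parameters instead of concatenating form values into the SQL text.
Function SearchProperties(conn, rawMin, rawMax, rawSearch)
    ' Reject non-numeric bounds up front; a bound parameter must be
    ' a real number, so "10 OR 1=1" never reaches the database.
    If Not IsNumeric(rawMin) Or Not IsNumeric(rawMax) Then
        Err.Raise vbObjectError + 1, "SearchProperties", _
                  "Price bounds must be numeric"
    End If

    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' ? placeholders are filled in the order the parameters are appended.
    ' No quotes are written around them: the declared type decides that.
    cmd.CommandText = "SELECT * FROM Property_Details " & _
                      "WHERE Price BETWEEN ? AND ? " & _
                      "OR Address_2 LIKE ?"

    cmd.Parameters.Append cmd.CreateParameter("minPrice", adDouble, _
                          adParamInput, , CDbl(rawMin))
    cmd.Parameters.Append cmd.CreateParameter("maxPrice", adDouble, _
                          adParamInput, , CDbl(rawMax))
    ' Cap the text at the declared size so an over-long value cannot
    ' raise a provider error.
    cmd.Parameters.Append cmd.CreateParameter("searchFor", adVarChar, _
                          adParamInput, 255, Left(CStr(rawSearch), 255))

    Set SearchProperties = cmd.Execute
End Function

Dim rs
Set rs = SearchProperties(conn, minPrice, maxPrice, searchFor)
%>
```

Because the prices are bound as numbers, the quoting mistake from the question cannot occur, and a quote character in searchFor is treated as data rather than as the end of the string literal.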

Related

using what I think is a variable in a SQL statement

I am very new to SQL and think I have a simple problem but was unable to figure it out from other posts. I have the following code:
INSERT INTO tblShortScores ( TradeNum, FilterNum, Rank, ScoreNum )
SELECT [Forms]![frmOpenTrades]![TradeNum] AS TradeNum, tblFilters.FilterNum, tblFilters.SBBExh AS Rank, tblFilters.SBBExh AS Score
FROM tblFilters
WHERE (((tblFilters.SBBExh) Is Not Null));
but instead of using the literal "SBBExh" in tblFilters.SBBExh, I want to do something like
tblFilters.("S" & [Forms]![frmOpenTrades]![Strategy])
where something like
[Forms]![frmOpenTrades]![Strategy] contains the value "BBExh".
It's in MS Access and I seem unable to find a syntax that works.
Any help is appreciated.
Can't dynamically build field name in query object. Use VBA to construct and execute action SQL, like:
strField = "S" & Me.Strategy
CurrentDb.Execute "INSERT INTO tblShortScores (TradeNum, FilterNum, ScoreNum) " & _
"SELECT " & Me.TradeNum & " AS TradeNum, FilterNum, " & strField & " " & _
"FROM tblFilters WHERE " & strField & " Is Not Null;"
Assumes TradeNum is number type - if it is text, use apostrophe delimiters:
SELECT '" & Me.TradeNum & "' AS .
If SQL injection is a concern, review "How do I use parameters in VBA in the different contexts in Microsoft Access?"

SQL VBA syntax issue

This select statement works.
rs.Open "Select Company from Customers where Company LIKE '" & Replace(Range("K4").Value, "'", "''") & "%' "
This select statement doesn't work.
rs.Open "Select Company from Customers where '" & Range("N4").Value & "' LIKE '" & Replace(Range("K4").Value, "'", "''") & "%' "
I'm going to have a data validation drop down box where the user can pick between a few options, so being able to change the second Company in the first select statement to the user's selection would be handy. Something is wrong with the syntax because, although it doesn't give me any errors, it doesn't have any results.
You shouldn't quote the column name - notice there are no quotes in your first example.
rs.Open "Select Company from Customers where " & Range("N4").Value & _
" LIKE '" & Replace(Range("K4").Value, "'", "''") & "%' "

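A column name cannot be bound as a parameter, so when it comes from a cell such as N4 it has to be matched against a fixed list before it is concatenated. The following is an added example, not part of the original answer, written in VBScript syntax that also runs as VBA; `conn` (an open ADODB.Connection), the helper names, and the City and Country columns are hypothetical.

```vbscript
' Added example, not code from the question or the answer.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Map the user's choice to a known identifier. Anything not listed is
' refused, so the cell content itself is never placed in the SQL text.
Function SafeColumn(choice)
    Select Case LCase(Trim(CStr(choice)))
        Case "company": SafeColumn = "[Company]"
        Case "city":    SafeColumn = "[City]"      ' hypothetical column
        Case "country": SafeColumn = "[Country]"   ' hypothetical column
        Case Else
            Err.Raise vbObjectError + 2, "SafeColumn", _
                      "Column not allowed: " & CStr(choice)
    End Select
End Function

' Prefix search on the chosen column. The identifier comes from the
' allow-list; the search text is bound, so no Replace(..., "'", "''")
' escaping is needed.
Function FindCustomers(conn, columnChoice, prefix)
    Dim cmd
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Company FROM Customers WHERE " & _
                      SafeColumn(columnChoice) & " LIKE ?"
    ' Keep one character of the declared size free for the % wildcard.
    cmd.Parameters.Append cmd.CreateParameter("prefix", adVarChar, _
                          adParamInput, 255, Left(CStr(prefix), 254) & "%")
    Set FindCustomers = cmd.Execute
End Function

' Usage from the worksheet described in the question:
' Set rs = FindCustomers(conn, Range("N4").Value, Range("K4").Value)
```

A data validation drop-down only restricts what the worksheet UI offers; a pasted value bypasses it, which is why the check is repeated in code.
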
SQL string dealing with "inch" marks

Microsoft Access subform filter output looks like this:
([qryPOExamDetail subform].[Line Description]="1"" CONDUIT - EMT")
The actual value in the field is 1" CONDUIT - EMT. I've converted the above argument to [Line Description]='1"" CONDUIT - EMT' but the dynamic query returns zero records.
I've built a SQL statement to create a dynamic query for export to a comma delimited file via VBA doCmd.TransferText function. I filter on other fields (without "inch" marks) and it works fine. I've searched the internet for an answer and cannot find anything.
How do I get SQL to recognize that 1"" CONDUIT - EMT = 1" CONDUIT - EMT?
Below is the SQL string for creating the dynamic query:
strSQL1 = "SELECT tblOpenCommittment.[Job Number], tblOpenCommittment.[Job Name], tblOpenCommittment.[Order Number], tblOpenCommittment.[Supplier Name]," _
& "tblOpenCommittment.[Order Date],tblOpenCommittment.[Cost Code], tblOpenCommittment.[Line Description], tblOpenCommittment.Qty, tblOpenCommittment.Tax, " _
& "tblOpenCommittment.Price, tblOpenCommittment.Unit, tblOpenCommittment.[Total Line Value],tblOpenCommittment.[Total Line Value]-tblOpenCommittment.[Line Total Amount invoiced]" _
& "AS [Open]FROM tblOpenCommittment WHERE (((tblOpenCommittment.[Job Name])=[Forms]![frmPrintByProject]![txtBoxJobName]) AND ((tblOpenCommittment.[Cost Code])" _
& "Like" & Chr(34) & Chr(42) & Chr(34) & Chr(32) & Chr(38) & Chr(32) & "[Forms]![frmPrintByProject]![txtBoxFrameValue]) AND " & strWashedstrFilter & " )"
The very last argument strWashedstrFilter represents the output of the subform filter listed at the head of my original post. As I've stated earlier it works as long as the value filtered on does not contain ( " ).
I've read this site for years and gotten outstanding help. This is the first time I've ever posted a question. Thank you all in advance for taking the time to comment.
As an example, (as I am not really certain of your data structure or columns) you would use something like this for MS Access:
SELECT "My Quote goes > "" < right there"
So, to compare the values it would be like this:
SELECT ...
WHERE [MyColumn] = "1"" CONDUIT - EMT"
Or (if you prefer)
SELECT ...
WHERE [MyColumn] = '1" CONDUIT - EMT'
You are missing some spaces in the construct so words don't run together. And concatenate references to form controls:
strSQL1 = "SELECT *, [Total Line Value]-[Line Total Amount invoiced] AS [Open] " & _
"FROM tblOpenCommittment " & _
"WHERE [Job Name]='" & [Forms]![frmPrintByProject]![txtBoxJobName] & _
"' AND [Cost Code] LIKE '*" & [Forms]![frmPrintByProject]![txtBoxFrameValue] & _
"' AND " & strWashedstrFilter
If code is behind frmPrintByProject, can use Me.:
"WHERE [Job Name]='" & Me.txtBoxJobName & "

Move an MS Access query into a VB6 query that uses the first

I have two tables, one table called Act_Reg and the other is Active_Pay. I have two queries: one query is a view in MS Access and it gives me the result as Paycoach:
SELECT Act_Reg.member_id, Active_Pay.date_pay, Active_Pay.kind_sport,
Active_Pay.kind_prac, Active_Pay.coach, Active_Pay.tuition, Active_Pay.discount
FROM Act_Reg
INNER JOIN Active_Pay ON Act_Reg.member_id = Active_Pay.member_id;
The second query I use in VB6 for getting the result of query one:
rstemp1.Open "SELECT sum(tuition)-sum(discount) FROM paycoach where date_pay Between '" & Trim(txtdatein.text) & "' And '" & Trim(txtdateto.text) & "' and coach='" & Cbocoach.text & "' and kind_sport='" & cbosport.text & "' and kind_prac='normal' group by tuition", db, adOpenKeyset, adLockOptimistic
I want to calculate the payment for each coach, according to paid membership and discount in a date range. The two queries work well, but one query is in MS Access as view and the second is in VB6.
How can I combine these two queries into one query, which I can use in Visual Basic 6?
I think you can do just what you ask by doing exactly how you describe it.
It's probably not the most efficient, but this should work by simply inserting your Access query SQL directly into your VB6 query SQL.
Your paycheck query SQL:
SELECT Act_Reg.member_id, Active_Pay.date_pay, Active_Pay.kind_sport,
Active_Pay.kind_prac, Active_Pay.coach, Active_Pay.tuition, Active_Pay.discount
FROM Act_Reg
INNER JOIN Active_Pay ON Act_Reg.member_id = Active_Pay.member_id;
Your rs.Open sql:
"SELECT sum(tuition)-sum(discount) FROM paycoach where date_pay Between '" & _
Trim(txtdatein.text) & "' And '" & Trim(txtdateto.text) & "' and coach='" & _
Cbocoach.text & "' and kind_sport='" & cbosport.text & "' and kind_prac='normal' group by tuition"
Modify your rs.open to use Combined statement:
Dim sql as string
sql = "SELECT sum(tuition)-sum(discount) FROM "
sql = sql & "(SELECT Act_Reg.member_id, Active_Pay.date_pay, Active_Pay.kind_sport, "
sql = sql & "Active_Pay.kind_prac, Active_Pay.coach, Active_Pay.tuition, Active_Pay.discount "
sql = sql & "FROM Act_Reg INNER JOIN Active_Pay ON Act_Reg.member_id = Active_Pay.member_id) "
sql = sql & "As paycoach "
sql = sql & "where date_pay Between '"
sql = sql & Trim(txtdatein.text) & "' And '" & Trim(txtdateto.text) & "' and coach='"
sql = sql & Cbocoach.text & "' and kind_sport='" & cbosport.text & "' and kind_prac='normal' group by tuition"
rstemp1.Open sql, db, adOpenKeyset, adLockOptimistic

ACCESS VBA using one more SQL QUERY in WHERE clause

I have two tables, one is std Table and KeyTable.
I have to display the values of std table based on the condition of keytable.
For example, if the user selects ASIA, I have to create a sql query list of countries in ASIA and use this country values (example: INDIA,SRILANKA,BANGLADESH) as where clause in final query. I have tried building them. But I am not sure of the syntax.
First query to filter out the values of ASIA
strSQL1 = "SELECT keytable.[Lead Country] FROM keytable WHERE keytable.country='" & lstcountry & "';"
Second query to display the values according to the first query in where clause
strSQL = "SELECT * FROM [Std Table] WHERE ([Std Table].Country IN (______));
The blank which I am missing.
You could just combine the two queries into one statement:
strSQL= "SELECT * " & _
"FROM [Std Table] " & _
"WHERE [Std Table].Country IN " & _
"(" & _
" SELECT s.[Lead Country] " & _
" FROM keytable AS s WHERE s.country = '" & lstcountry & "' " & _
")"
I'd try
strSQL1 = "SELECT keytable.[Lead Country] FROM keytable WHERE keytable.country='" & lstcountry & "'"
strSQL = "SELECT * FROM [Std Table] WHERE ([Std Table].Country IN (" & strSQL1 & "));"
SQL Server would allow you to do that, I guess that ACCESS supports this, too.
Please note that I removed the ; in strSQL1!
You could also provide a list of comma separated values:
strSQL = "SELECT * FROM [Std Table] WHERE ([Std Table].Country IN ('DE','UK','JP'));"