VisualBasic OleDb accessing Excel spreadsheet, can't set column in query using parameter? - vb.net

I'm working in Visual Basic and using OleDb to access an Excel spreadsheet. I'm importing the data from the sheet into my DataGridView, and that works fine, but now I'm working on filtering. For the most part it works great, but I'm trying to use parameters ("#p1" and so on), and I'm getting a very strange issue.
I can have the following (excluding a bunch of irrelevant stuff before, in between, and after)
query = query & "Project" & " LIKE #Gah1"
...
MyCommand.SelectCommand.Parameters.AddWithValue("#Gah1", "%House%")
and it gives me the results I'm looking for. But I can't seem to get a parameter for the name of the column itself, for example
query = query & "#Gah1" & " LIKE #Gah2"
...
MyCommand.SelectCommand.Parameters.AddWithValue("#Gah1", "Project")
MyCommand.SelectCommand.Parameters.AddWithValue("#Gah2", "%House%")
does not work (and I've tried enclosing Project in different brackets and stuff in different ways, can't get it to work). I've found plenty of examples on using parameters, but none that use them to give the column name.
I'm guessing the parameter changes how the string is represented, seeing as you don't need to have the ' ' around string literals.
Is it not possible to give column names in a parameter? If you can, what do I need to do?
Well it won't let me post comment, so here
a) Oops, no, I guess not
b) The string query that I end up sending in my test query here is
"select * from [Bid Summary$] where #Gah1 LIKE #Gah2"
I can post the procedure if absolutely need be, but it isn't the problem because the whole thing works perfectly fine if I replace #Gah1 with Project or [Project], so I just showed the lines that I change.
I'm very new to parameterized queries, can you explain how to avoid query strings using it? If there's a better way to do what I'm doing I'm happy to use it =)
And thanks for response and edit

I use a combination of string methods and parameters, like this:
//replace field name in a query template
query = String.Format("select * from [Bid Summary$] where {0} LIKE ?", "#Gah1");
//set value (the name of an OleDb parameter is ignored, so it could be null)
MyCommand.SelectCommand.Parameters.AddWithValue(null, "%House%");
Note: There is a possibility of SQL injection, so be sure about the origin of the field name (not from user input).
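One way to follow that note when the column is chosen at run time, as an added example that is not part of the original answer: the column text placed into the SQL always comes from a fixed allow-list, and only the search value is bound as a parameter. The names `FilterColumns` and `BuildFilterCommand` and the columns `Bidder` and `Status` are hypothetical; `Project` and `[Bid Summary$]` are taken from the question.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb

Module ColumnFilterExample
    ' Filter key -> bracketed column identifier. Only these constants are ever
    ' concatenated into SQL. "Project" is from the question; "Bidder" and
    ' "Status" are hypothetical columns added for illustration.
    Private ReadOnly FilterColumns As New Dictionary(Of String, String)(
        StringComparer.OrdinalIgnoreCase) From {
        {"Project", "[Project]"},
        {"Bidder", "[Bidder]"},
        {"Status", "[Status]"}
    }

    ' Returns a command whose column comes from the allow-list and whose search
    ' pattern is bound as a positional (?) parameter. Unknown keys are rejected.
    Public Function BuildFilterCommand(columnKey As String, pattern As String) As OleDbCommand
        Dim columnSql As String = Nothing
        If columnKey Is Nothing OrElse Not FilterColumns.TryGetValue(columnKey, columnSql) Then
            Throw New ArgumentException("Not a filterable column: " & columnKey)
        End If

        Dim cmd As New OleDbCommand(
            "SELECT * FROM [Bid Summary$] WHERE " & columnSql & " LIKE ?")
        ' OleDb binds by position; the parameter name is only a label.
        cmd.Parameters.Add("p1", OleDbType.VarWChar).Value = pattern
        Return cmd
    End Function

    Sub Main()
        ' Constructed inputs: one allowed key, one that tries to carry SQL text.
        Dim ok As OleDbCommand = BuildFilterCommand("project", "%House%")
        Console.WriteLine(ok.CommandText)

        Try
            BuildFilterCommand("Project OR 1=1", "%House%")
        Catch ex As ArgumentException
            Console.WriteLine("Rejected: " & ex.Message)
        End Try
    End Sub
End Module
```

The returned command has no connection yet; set its `Connection` and assign it to the adapter's `SelectCommand` before filling the table behind the DataGridView.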

Related

ListObjects.Add.QueryTable Source Array String

I will provide some context before I ask my question.
I am attempting to query an SQL Server and create a table within Excel from the data. Because I am not familiar with how to accomplish this in VBA I recorded by using Data -> Get External Data -> From Other Sources -> Microsoft Query. In the dialog box that appears, I chose a .DSN file provided to me by someone else. I then used the Microsoft Query interface to structure the query and import the data onto a worksheet.
The code in the recorded macro looked something like this. I will use generic terms instead of the actual code.
With Sheet2.ListObjects.Add(SourceType:= 0, Source:=Array _
(Array("ODBC;DRIVER=SQL Server;SERVER=ServerName;UID=userid;Trusted_Connection=Yes;APP=Microsoft Windows Operating System;WSID=SomeString"), _
Array("A;DATABASE=DatabaseName")), Destination:=Range ("Sheet2!$A$1")).QueryTable
I know this is not formatted ideally, which is part of my question below.
https://msdn.microsoft.com/en-us/library/bb211863(v=office.12).aspx
From the above article, I know that SourceType:= 0 is an xlSrcExternal, or an external data source. This makes sense to me.
My confusion begins to arise when I get to the Source component of the Add method. From the provided article, "When SourceType = xlSrcExternal, an array of String values specifying a connection to the source, containing the following elements:
•0 - URL to SharePoint site
•1 - ListName
•2 - ViewGUID
So to begin with, what exactly is meant by "an array of String values", as the code from the recorded macro does not appear to correspond to what I thought was an array. I know that normally an array is declared something like this Array("string1", "string2", etc.). Or is the array recorded simply an array of one value? In other words Array("string1"). Does anyone know the purpose of passing an "array of string values" as opposed to just passing a string?
Also does anyone know the nuances of why the recorded macro has this particular formatting/syntax? In other words, why does it appear to have this syntax Array(Array("string1"),_ (new line) Array("string2"))? Why not just Array ("string1")? Does it have something to do with the second line being too long?
I have several more questions related to this topic, but this seemed like a good place to start..
Thank you all for any help given.

pdo bind_param containing quote returns nothing

I'm converting a mysqli code into PDO as it was requested but I'm having a hard time trying to pass some single quotes into the new LIKE query. I will only paste the parts regarding this problem as there's no need of pasting the whole query etc I guess.
Whenever I use something like "whatever" it returns the results fine, but when I go for "what'ever" it doesn't return anything... The way I have it at the moment was working with mysqli_ but it doesn't when I changed everything to PDO. Any idea how to actually quote the string or escape it properly?
Thank you in advance.
My variable is
$FilterRaid="%{$_POST['FilterRaid']}%";
The query
$listbugs = $bugtrackerpdo->prepare('
...
INNER JOIN raid ON raid.ID = bugs.Raid
AND raid.RaidName LIKE :raid
...
');
$listbugs->bindParam(':raid', $FilterRaid);
$listbugs->execute();

Two queries related in UniObjects for .NET

Context
I have an interface in VB.NET that extracts the data from UniVerse using UniObjects for .NET
Problem
From the COB file I need to get all keys where the FEC.COB field is equal to a specific date and the field SEC is equal to 04.
An expert in UniVerse Database told me that I can run the following queries:
SELECT COB WITH FEC.COB > “31/10/2013”
SELECT.ID 1 2 04
But I don't know how can I do that with UniObjects library. Can anyone help me?
I don't use UniObjects as my shop normally gets data out of UniVerse via ODBC. Also my VB is bad, so I don't have much metacode for you, but the basic idea would be to do something like this.
1.) Create a UV Session. Hopefully you have that much worked out as I can be of next to no help there.
2.) Once the session is established Execute your query by doing something like this
session.Command.Text = "SELECT COB WITH FEC.COB > '31/10/2013'"
session.Command.Exec
(I converted your double quotes to single quotes and Universe won't mind).
3.) If you just need the IDs, you can get them by iterating through the select list that your query returns. A command line query will always return to list 0 unless you specify otherwise in your UV query. In most cases your results will be in session.SelectList(0)
Dim objSelect As object
Set objSelect = objSession.SelectList(0)
4.) It looks like the SelectList object has a ReadList method which returns a Dynamic Array Object, which you should be able to iterate through using normal array looping. Additionally you can use a while loop and next to do what you need to do.
Dim someObject as Object
someObject = objSelect.Next ' Get first ID
Do While Not objSelect.LastRecordRead
' Do something here with someObject. Maybe ToString it or something
someObject = objSelect.Next ' Get next ID
Loop
Hope that is somewhat helpful.

Like operator in LinQ to Entity MVC4

I'm running a MVC4 website, where I want to filter by a search string.
I have a string that contains 2 parameters, with a blank space between, like following search string:
"tha 19"
Currently I'm using
.contains(searchString)
The problem is that if the user only types "th 19" it won't find any result with contains, since contains is the complete string.
I have solved the problem with SQL by following:
SELECT *
FROM DB
WHERE DB.Name LIKE 'th%19'
The %-operator between the blank spaces does the work, and will find the specific entity, without the need to type the name exactly, like: tha 19.
Is there an equivalent in LINQ to Entity of the %-operator in SQL?
EDIT: I have tried to split the string into a string[] strArr, but LINQ doesn't support ArrayIndex like strArr[0]... StartsWith() doesn't work either, because it takes the complete string into consideration.

Codeigniter database query bug - does not return expected results

I tested this query in my database, and it works fine:
select * from variables where value = 'commas-:-)';
I get a result. Now, I stored the value in a variable and use the query class.
$value = 'commas-:-)' <<< this is passed as a parameter
$query = "select * from variables where value = '$value'";
$this->db->query($query);
Now, this query works for every other value except for this one - but what's odd is that if I PRINT out the exact query (print_r of $query) and execute it on the database, it returns the correct result. So I'm left to think that the query class is screwing with my query, which it shouldn't because everything is properly escaped and $value is a string literal.
What is going on?
$sql = "SELECT * FROM variables WHERE value = ?";
$this->db->query($sql, array('commas-:-)'));
More info
$get_data = $this->db->from('variables')
->where('value', $value)
->get();
Hope this will work...!
try to use these things for checking the queries
echo $this->db->last_query();
print_r($this->db->result_array($get_data));
I found the issue - it was the rerouting function that was causing the mishap. More specifically, the segment filtering function within the route folder in the system core.
This is what happened:
I created an anchor with the encoded value (commas:-)) and I configured the route to reroute the uri to a function I had in my controller. Each time I clicked the link, the value gets passed, and (supposedly) rerouted to the function. Which it did, for almost all the values I used. Except this one.
1st assumption: the db query function is escaping the values. But I turned off the escape, as well as checked the query by printing. The value was correct. I then tried other query formats, and still no results. Conclusion: There's nothing wrong with the database query functions.
2nd assumption: the data must be corrupt - although the value is correct (I'm getting commas:-)), it's not returning anything except when I type in the value manually. So I tested this:
I created a separate value, and set it equal to the one I typed in (the one that works). I then printed the original value (one passed) and the newly created value using VAR_DUMP.
Turns out, the argument value (one that doesn't work) is a string with length 14 whereas my new variable was a string with a length of 10. WTF? Conclusion: Something occurred during the rerouting / passing process that changed the variable.
I went back to the config folder, and replaced the variable $i in the reroute with the literal string value commas:-). And guess what? It worked perfectly. And just to make sure it wasn't the regex, I wrote my own custom regex and it matched fine, but the value was still being changed. So I decided to get under the hood.
I traced the URI manipulation in the routes class to the _explode_segment() function, which was used to perform the regex and analyse the uri for other variables. It also did this thing ...
_filter_uri($str)
for each part of the uri segment that was matched.
What did it do? It replaces programmable characters like ( and ) with their HTML ENTITY. Now, if you don't know, html entities have longer lengths than url encoding. LOL. So what happened was this:
Original segment : commas-%3A-%29 <- very nice!
Filtered segment : commas-%3A-) <- NOOOOOOOOO! (the right paren encoded with &#41.)
urldecode("&#41") = string(4)
urldecode("%29") = string(1)
Fail.
or WIN?!