The following SQL runs as expected in the workbench, but generates an error "parameter #search must be defined" when I fire it in from a C# application. Can anyone explain this?
set #search = 'b%';
select * from country where Name like #search
MySQL use the #variable_name expression as a user defined variable. C# (or the provider - not really sure which) on the other hand uses the #parameter_name to annotate parameter placeholder in the query.
If you want to use sql user defined variables, then add the following parameter to the connection string of your .Net connector connection:
Allow User Variables=True
or
AllowUserVariables=True
This option was added to connector v5.2.2
Related
Im trying to retrieve data from our SQL server with the Report Builder. Since we have different databases for different customers I want to switch the database, the table I query has the same name in every database.
The idea I have is to use a parameter, so this is what I came up with:
use #db
Select H.TK_RC, R.Result_Description, count(*) as aantal from dbo.TK_HISTORY as H
LEFT JOIN CWESystemConfig..Result_Code as R on H.Project_ID = R.Project_ID and H.TK_RC = R.Result_Code
Where R.Result_Group = 1 and H.Project_ID = #pid and H.TK_CD between #startdate and #enddate
group by H.TK_RC, R.Result_Description
The code itself is working, the problem I encounter is when I create a dataset in the report builder. I think it's because the report builder can't find a startingpoint(of course) it keeps throwing the "define query parameters" pop-up, whatever I do it gives me the error:
Could not update a list of fields for the query. Verify that you can connect to the datasource etc.
If I remove the use #db it does work, so this is the issue. I can see the issue, since this is a variable the report builder doesn't see a valid query.
I just can't get this to work, anyone with suggestions for a fix or a workaround?
You should be able to do this by using an expression as your datasource connection string. There is no need to use the USE statement in your dataset query.
For a simple connection to SQL Server you would use something like
="data source=mySQLServer;initial catalog=" & Parameters!db.Value
Where your #db parameter has the name of the database
NOTES:
You must use an embedded datasource - you cannot expressions in a shared datasource
You should design and test the report using a fixed connection, then once your are happy with it, change the connection to use an expression.
Here's an screen shot of what you should be looking at
I'm using a MySql database and was trying to find a MySQL alternative to tedious.js (a SQL server parameterised query builder).I'm using Node.js for my backend.
I read that the .raw() command from knex.js is susceptible to sql injection, if not used with bindings.
But are the other commands and knex.js as a whole safe to use to prevent sql injection? Or am I barking up the wrong tree?
Read carefully from knex documentation how to pass values to knex raw (http://knexjs.org/#Raw).
If you are passing values as parameter binding to raw like:
knex.raw('select * from foo where id = ?', [1])
In that case parameters and query string are passed separately to database driver protecting query from SQL injection.
Other query builder methods always uses binding format internally so they are safe too.
To see how certain query is passed to database driver one can do:
knex('foo').where('id', 1).toSQL().toNative()
Which will output SQL string and bindings that are given to driver for running the query (https://runkit.com/embed/2yhqebv6pte6).
Biggest mistake that one can do with knex raw queries is to use javascript template string and interpolate variables directly to SQL string format like:
knex.raw(`select * from foo where id = ${id}`) // NEVER DO THIS
One thing to note is that knex table/identifier names cannot be passed as bindings to driver, so with those one should be extra careful to not read table / column names from user and use them without properly validating them first.
Edit:
By saying that identifier names cannot be passed as bindings I mean that when one is using ?? knex -binding for identifier name, that will be rendered as part of SQL string when passed to the database driver.
This code works when the connection is made to an accdb database:
Dim customer = connection.Query(Of Klantgegevens)("Select Actief,Onderhoudscontract From Klantgegevens Where Klantnummer=#Idx", New With {.Idx = customerId}).SingleOrDefault
But the code below gives the error about the Idx parameter when the connection is made to a SQL server database that has a table with the same structure:
Dim customer = connection.Query(Of Klantgegevens)("Select Actief,Onderhoudscontract From [dbo.Klantgegevens] Where Klantnummer=#Idx", New With {.Idx = customerId}).SingleOrDefault
What is going wrong here? I had hoped that by using Dapper I would be able to write database agnostic code. But it seems that is not the case!
If you are using an ODBC/OLEDB connection, then my first suggestion would be: move to SqlClient (SqlConnection). Everything should work fine with SqlConnection.
If you can't do that for some reason - i.e. you're stuck with a provider that doesn't have good support for named parameters - then you might need to tell dapper to use pseudo-positional parameters. Instead of #Idx, use ?Idx?. Dapper interprets this as an instruction to replace ?Idx? with the positional placeholder (simply: ?), using the value from the member Idx.
This is also a good fix for talking to accdb, which has very atypical parameter usage for an ADO.NET provider: it allows named parameter tokens, but all the tokens all replaced with ?, and given values from the positions of the added parameters (not via their names).
I am trying to query a MySQL linked server using SQL Server.
The below query runs just fine.
SELECT * FROM OPENQUERY([Linked_Server], 'SELECT * FROM Table_Name')
Is it possible to run the same query without using the OpenQuery call?
Found the answer here. Now I can the three dot notation query. Thanks
http://www.sparkalyn.com/2008/12/invalid-schema-error/
Go to the provider options screenIn SQL Server 2005 you can see the list of providers in a folder above the linked server (assuming you have appropriate permissions). Right click on MSDASQL and go to properties. In SQL Server 2000, the provider options button is in the dialog box where you create the linked server.
Check the box that says “level zero only”
you can use the statement below
select * from [linkedServerName]...[databaseName.TableName]
but before executing the code above ,, you have to do some changes ..
In the SSMS
SSMS -> Expand "linked servers" Folder -> open Provider folder -> find MSDASQL and gets it's property
Then check "Level Zero Only" press Ok
Then execute the above query and Enjoy it !!!
Try like this:
SELECT * FROM [Linked_Server]...[db_name.table_name]
Working properly, however there are the problems of converting data types.
Safer and more reliable to use is OPEQUERY.
SELECT * FROM OPENQUERY([Linked_Server], 'SELECT * FROM db_name.table_name')
You should be able to simply query the linked server directly.
select * from mylinkedserver.database.schema.mytable
EDIT:
Try with the three dot notation as noted in this post:
http://www.ideaexcursion.com/2009/02/25/howto-setup-sql-server-linked-server-to-mysql/
SELECT * FROM MYSQLAPP...tables
Msg 7399, Level 16, State 1, Line 1 The OLE DB provider "MSDASQL" for
linked server "MySQLApp" reported an error. The provider did not give
any information about the error. Msg 7312, Level 16, State 1, Line 1
Invalid use of schema or catalog for OLE DB provider "MSDASQL" for
linked server "MySQLApp". A four-part name was supplied, but the
provider does not expose the necessary interfaces to use a catalog or
schema.
This “four-part name” error is due to a limitation in the
MySQL ODBC driver. You cannot switch catalogs/schemas using dotted
notation. Instead, you will have to register another DSN and Linked
Server for the different catalogs you want to access. Be sure and
follow the three-dot notation noted in the example query.
There is an important point for using this:
SELECT * FROM [Linked_Server]...[db_name.table_name]
You must go on
Linked Server -> provider-> MSDASQL:
and make sure these three options have been checked
Dynamic Parameter
Level zero only
Allow inprocess
https://www.sqlteam.com/forums/topic.asp?TOPIC_ID=153024
This solution is great for querying small tables, however it seems that it doesn't use indexes, so getting even few rows from large tables, even by field indexed on the remote server takes ages.
So - correct me if I'm wrong - for large datasets it's still better to use OPENQUERY, as the query is evaluated and optimized on the remote server, using indexes and so on.
In case anyone is still having trouble with this...I had to go into the linked server properties -> Server Option and change RPC and RPC Out to true. Then I could run with like this [linked server]...[table]
I am trying to write ETL that collects data from many identical server into a central repository. What I'm trying to do is write one package with source address, user id and password as parameters and execute the package once per server to be copied.
Is this doable? How can I use parameters to create a source?
I meant to ask how to parametrize the connection manager (is that even a real word?), not where to store the connection parameters. The answer is simple:
Create package parameters for Server, Database, User ID and Password
Create a connection manager as part of defining a data flow component
once a connection is defined, right-click on the connection manager at the bottom of the package design screen and select "Parametrize".
Select "ServerName" in the property drop-down
Select "Use existing parameter" or create new parameter if skipped step 1
If using existing parameter, select it from the drop down
Click OK to save (gotta do it after each parameter)
Repeat steps 4-7 for the rest of the parameters
You can store parameters in a table. Query the table with a sql task and store the results in a object variable. You can then use this variable in a for loop. Use expressions in SSIS to change values of your connection during each loop iteration.
Several books outline this method. Here is a code example.
Here are some steps - hopefully I didn't miss anything. You mention a server "Address", but I'm not sure exactly what you are trying to do. This example queries multiple sql servers.
You create the variables, SQL_RS with type of object, SRV_Conn with type of string. This holds my servername. In the execute SQL task, I have a query which returns the names of sql servers I want to query. Then set the following properties:
SELECT RTRIM(Server) AS servername
FROM ServerList_SSIS
WHERE (Server IS NOT NULL)
and coalesce(exclude,'0') <> 'True'
and IsOracle is Null
Execute SQL Task > General > ResultSet = "Full Result Set"
Execute SQL Task > Result Set Tab "Result Set Name = 0", Variable Name = "User::SQL_RS"
So we have a list of server names in the SQL_RS variable now.
ForEach > Collection > Enumerator = "Foreach ADO Enumerator"
ForEach > Collection > Enumerator Configuration > ADO Object source Variable = User::SQL_RS
This maps the first column of the SQL_RS object to the SRV_Conn variable, so each iteration of the loop will result in a new value in this variable.
ForEach > Variable Mappings > Variable = User::SRV_Conn, Index = 0
Inside the ForEach are some other sql execs, performing queries on sql databases, so I need to change the ServerName of my 'MultiServer' connection. I have another connection for the initial query that got me the list of servers to query. Making the connection dynamic is done in properties of the connection - right-click the connection > properties. Click the ellipses to the right of the expressions.
Connection > Properties > Expressions > Property = ServerName, Expression = "#[User::SRV_Conn]"
Note: The index value of 0 for the variable mapping works for Native OLEDB\SQL Server Native Client. If you're using another db provider, you may need to use other index types - this makes setup more confusing.
OLEDB = 0,1
ADO.NET = #Varname
ADO = #Param1, Param2
ODBC = 1,2
Full listing here.