I am trying to modify certain fields in an access db, but I was hoping I can do it in one query.
Looking for something like this:
PARAMETERS [PID] long, [PColumnName] Text (100);
UPDATE Employees SET [PColumnName] = 0
WHERE ID=[PID];
And I can input the [PColumnName] parameter as the column I want to change to zero.
Now I don't actually want to change anything to zero, I am just really asking if there is anyway to do this?
If it isn't possible, it's not a big deal, I can just make separate queries for each column, but for the future I would love to know of someway to do this.
Suggestions are welcome, I'm relatively new to this so I'll take all the help I can get!
What you can do is to write the query as SQL:
SQL = "UPDATE Employees SET [{0}] = 0 WHERE ID = {1};"
SQL = Replace(SQL, "{0}", PColumnName)
SQL = Replace(SQL, "{1}", PID)
CurrentDb.Execute SQL
Related
I am currently in the process of converting a large amount of ASP classic/VBscript pages from an old database (Unify Dataserver) to MySQL.
Say you have a query like this:
sql = "SELECT c.container_type, c_amount, c_sdate, c_edate, csrt " & _
"FROM containers c, container_chars cc"
objRS.Open sql, objConn, 3, 1
If I want to reference the column "c_edate", I can simply use this and it works fine:
x = objRS("c_edate")
However, when it comes to referencing a column like "c.container_type" (With a . used to differentiate it from another table, like so:
x = objRS("c.container_type")
It will say
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
I can fix it by using a number instead:
objRS(0)
This was never an issue until we switched to MySQL. In our old database, using the rs(table.column_name) format worked just fine. But in MySQL, once you add a (.) to the code, it can't find that item unless you switch it to a number.
As you can imagine, this is quite a pain as I go through the 700+ pages of this website manually counting the placement of each column in the corresponding select statement every time something from the query is referenced.
Does anyone know why this is happening or how to make the rs(table.column_name) format work with MySQL like it does with our old database?
In SQL Server, and apparently in MySQL too, the way to reference a field in the result set is to just use the name, without the prefix.
x = objRS("container_type")
The prefix is needed by the database to differentiate between identically-named columns, but once you send the results to a recordset, that recordset doesn't know or care where the columns came from.
The same goes for aliases:
SQL = "SELECT c.container_type AS ctype, [...]"
...
x = objRS("ctype")
Combining these two facts, if you do have identically-named columns in the result set, you must alias at least one of them. If you don't, it won't necessarily give an error, but you will not be able to reference the second column using the rs("name") syntax.
SQL = "SELECT c1.container_type, c2.container_type AS c_type2, ..."
...
x = objRS("container_type")
y = objRS("c_type2")
[Note that while you're at it, you probably should also modify your FROM clauses to use proper FROM table1 INNER JOIN table2 ON table1.fieldA = table2.fieldB type syntax. The FROM table1, table2 WHERE table1.fieldA = table2.fieldB syntax has been deprecated for many years now.]
Hi i have trying to do a query, that receives the value on a querystring, but is not working i think the query it self is no good. could you help me?
So i receive the query on
<%String detalhe = request.getParameter("value");%>
I wont put connections and stuff, because they work with other querys, so the problem are not the connections.
// sql query to retrieve values from the specified table.
String QueryString = "SELECT * FROM ebooko.dadoslivros WHERE Autor LIKE '%"+detalhe+"%'
OR ano LIKE '%"+detalhe+"%'";;
rs = statement.executeQuery(QueryString);
It simply cannot retrive the value, i'm querying.
Adicional info:
Table: dadoslivros
Columns that i need to compare the value: Autor, ano.
for example when i run the Href the value that is passed is: Jules%Verne (i gess it changes SPACES with '%'.
Use URLDecoder#decode() to decode the parameters in the query string.
You should also consider using a PreparedStatement to prevent SQL injection attacks.
I solved it changing the query:
String QueryString = "SELECT * FROM dadoslivros WHERE (Data LIKE '%"+detalhe+"%') OR (Autor LIKE '%"+detalhe+"%')";;
maybe it can help another person ;)
I have a crosstab query which queries a bunch of locations and gets their measurement readings. I pivot on the measurement readings so I get a table which has all the measurements for a location/date combo on each line. This works fine for getting all the data. It also works fine for filtering on one value per field. i.e. WHERE LocationID = ? AND MeasureID = ? but what I really need is to have something like WHERE LocationID IN (?) AND MeasureID IN (?) where ? is an array (or whatever gets to job done. Is this possible?
On my forms I'm using a DAO.QueryDef object to build my recordsets. I'd like to avoid building the entire query string in VBA if possible, mostly because this particular query is pretty long and I'd rather it live in a view and not a code module. With that said I can build it all in VBA but it's just not the desired solution.
You can always use replace.
sSQL = "SELECT lots of sql WHERE LocationID IN (qqlocidqq)"
sSQLWithLoc = Replace (sSQL, "qqlocidqq", "1,2,3,4")
Dim qdf As QueryDef
'A query that exists
Set qdf= CurrentDB.QueryDefs("MyJunkQuery")
'Permanently change the sql of that query
qdf.SQL = sSQLWithLoc
Looking into this a little further, it may suit you to use Instr, like so:
SELECT Table1.LocationID
FROM Table1
WHERE InStr([#List],[LocationID])>0
Tested like so:
PARAMETERS Number_List Text(50);
TRANSFORM Count(Table1.AKey) AS CountOfAKey
SELECT Table1.AText
FROM Table1
WHERE InStr([Number_List],[ANumber])>0
GROUP BY Table1.AText
PIVOT Table1.ANumber;
Where Table1 consists of fields AKey, AText, and ANumber. Number_List is a comma separated list of numbers supplied by a parameter. Instr checks for the existence of ANumber from Table1 in the supplied parameter.
There is a problem with overlap 1,2,12, but a creative use of commas may suit:
WHERE InStr("," & [Number_List] & "," , "," & [ANumber] & ",")>0
Of course the delimiter does not have to be a comma, | is often useful.
I am trying to get the memberid from database according to text entered in the textbox like this way
String sql =#" SELECT member_Id FROM members where (member_Firstname,'',member_Lastname) ="+tbMemberName.Text;
How can this be done?
Try this:
String sql =#" SELECT member_Id FROM members where CONCAT(member_Firstname,'',member_Lastname) = '"+tbMemberName.Text+"'";
Also, this is vulnerable to sql injection.
Due to security and performance reasons, I would personally split the members's name in first/ last before compiling the query. Now, I'm not familiar with the language you use to call this query, but I'll formulate something that will hopefully make sense, regardless of it's stupidity:
String sql =#" SELECT member_Id FROM members WHERE member_Lastname = "+safely_escaped(tbMembername.Last.Text)+" AND member_Firstname = "+safely_escaped(tbMembername.First.Text)+"
This will allow for a more precise analysis of the names before inserting it into the query and it will allow you to use an index (which is not possible with any of the previously shown examples). Just to be clear, the index, most efficiently in this case, would be INDEX (member_Lastname, member_Firstname).
If that's C# that you're writing, as you've commented, you'll want to start using parameters to avoid SQL injection.
string getMember= #"SELECT member_Id FROM members
WHERE member_Firstname like #userText
OR member_Lastname like #userText;";
MySqlCommand m = new MySqlCommand(getMember);
m.Parameters.AddWithValue("#userText", tbMemberName.Text + "%");
var reader = m.ExecuteReader();
I am setting a cookie. Something like:
$_COOKIE['test'] = SHA1('124'.'mysalt');
Now 124 is my id which I want. So in my MySQL table, I am trying to run a query like:
$sql = ("SELECT * FROM users WHERE SHA1(`id`) = '".mysql_real_escape_string($_COOKIE['test'])."'");
How to add the "mysalt" to the SQL query? Because else I want get the correct id.
Use can use Concat() for that.
SELECT ... Sha1( Concat(`id`, 'mysalt') )=...
The query should be:
$sql = ("SELECT * FROM users WHERE SHA1(CONCAT(`id`,`mysalt`)) = '".mysql_real_escape_string($_COOKIE['test'])."'");
if I understand correctly what you're trying to do.
The solutions already provided probably will work just fine, however are you certain you want to do this? If the field "id" is really a distinct identification you can use "LIMIT 1" to stop mysql from searching thru all your items. Another thing is, why don't you use a separate precomputed field for this? I mean in every query mysql unnecessarily needs to compute all these sha1 values.. One last thing. I'm uncertain why you are using your approach, but my best guess is to implement some sort of session key. I thing this is a bad idea for a couple of reasons: If someone gets holds on your salt, he has access to all your accounts. If someone sniffs one "session" he can reuse it whenever he wants to. Choosing a weak salt could have serious consequences. HTH.
Use CONCAT:
$sql = ("SELECT * FROM users WHERE SHA1(CONCAT(`id`,'mysalt')) = '".mysql_real_escape_string($_COOKIE[''test''])."'");