I am trying to restrict the output here to a specific account type, but I'm not sure how I add that AND clause. The Retool has a search for account name, and a selector for country - but I only want to pull out Type = 'Indirect Reseller' - just struggling to make that work as my SQL knowledge isn't good enough.
SELECT
Name,
Description,
NumberOfEmployees,
AnnualRevenue,
Industry,
Website,
OwnerId,
BillingCountry,
BillingCountryCode,
Type,
ID
FROM Account
{{search.value == "" ? (select_industry.value['0'] == null ? '' : " WHERE ( BillingCountryCode LIKE " + "'" + select_industry.value.join("' OR BillingCountryCode LIKE '") + "')") : " WHERE ( Name LIKE " + "'%" + search.value + "%'" + " OR Website LIKE " + "'%" + search.value + "%'" + ")" + (select_industry.value['0'] == null ? '' : " AND ( BillingCountryCode LIKE " + "'" + select_industry.value.join("' OR BillingCountryCode LIKE '") + "')")}}
This works, but I want to limit to Indirect Reseller account types
Related
In Mysql, FIND_IN_SET is used to find value in a set. I have tried FIND_IN_SET in SQLite, but it is not an SQL keyword. I have Googled, but I did not get an answer. If anybody knows, please tell me the alternative to FIND_IN_SET in SQLite.
If you need just a true / false value rather than index then you can use LIKE clause:
(',' || column_name || ',') LIKE '%,value,%'
we can write query like change into hibernate critearea
my old query
select * FROM game_detail WHERE content_id=176 and FIND_IN_SET(12,group_master_id)
New query
select *
FROM game_detail
WHERE content_id=176
and (group_master_id LIKE '%12,%'|| group_master_id LIKE '%,12,'|| group_master_id LIKE '%12')
This is my old query
String query = "SELECT a.content_id,a.content_name,a.image_name,a.image_path,a.rating,d.content_type_name"
+ "from content_master a, category_content_mapping b, "
+ "game_detail c, content_type_master d "
+ "where a.content_id=b.content_id "
+ "and c.content_id = a.content_id "
+ "and a.content_type_id = d.content_type_id "
+ "and b.category_id = '" + category_id + "' "
+ "and find_in_set('" + group_master_id + "',c.group_master_id) "
+ "and a.is_active='Y' and b.is_active = 'Y' and c.is_active = 'Y'"
+ "order by b.content_mapping_id DESC limit 0,3";
Criteria in hibernate use like alternate of find_in_set
Session session=new Configuration().configure().buildSessionFactory().openSession();
Criteria criteria=session.createCriteria(ContentMaster.class);
criteria.setFetchMode("CategoryContentMapping", FetchMode.JOIN);
criteria.setFetchMode("GameDetail", FetchMode.JOIN);
criteria.createAlias("categoryContentMappings","cat");
criteria.createAlias("contentTypeMaster", "ctm");
criteria.createAlias("gameDetails","game");
criteria.add(Restrictions.eq("cat.categoryMaster.categoryMasterId", 9));
criteria.add(Restrictions.disjunction()
.add(Restrictions.like("game.groupMasterId","%12,%"))
.add(Restrictions.like("game.groupMasterId","%,12,%"))
.add(Restrictions.like("game.groupMasterId","%12%")));
criteria.add(Restrictions.eq("isActive", "y"));
criteria.add(Restrictions.eq("cat.isActive", "y"));
criteria.add(Restrictions.eq("ctm.isActive", "y"));
criteria.addOrder(Order.desc("cat.contentMappingId"));
I'm receiving the following error from my insert db call.
"android.database.sqlite.SQLiteException: near "t": syntax error (code 1): , while compiling: INSERT INTO OCR(bmp, title, description) VALUES ('[B#9430d52', 'Result:', '
pacifism
Enchant creature
Creature can't attack Or
That
—Knrtce of Qal Sima
');
This is my insert statement
String INSERT_TO_DB = "INSERT INTO " + TABLE_NAME + " ("+
COLUMN_BITMAP + ", " +
COLUMN_TITLE + ", " +
COLUMN_DESCRIPTION +") " +
"VALUES ('" + getBytes(ocr.getBitmap()) + "', '" + ocr.getTitle() + "', '" + ocr.getDescription() + "');";
db.execSQL(INSERT_TO_DB);
The thing is it was working on other images, i'm thinking it has something to do with the fact that there's a lot of "/n" in the description it's trying to insert into the db.
Never put string values directly into an SQL statement; use parameters instead.
It is not necessary to use a prepared statement object to achieve this:
db.execSQL("INSERT ... VALUES(?, ?, ?)",
new Object[]{ ocr.getTitle(), ... });
And there is a helper function that constructs the statement for you, and handles binary data correctly:
ContentValues cv = new ContentValues();
cv.put(COLUMN_TITLE, ocr.getTitle());
cv.put(COLUMN_BITMAP, ocr.getBitmap()); // byte array
...
db.insert(TABLE_NAME, null, cv);
I have a field (dose_str) that needs to be changed from Numeric(7,3) to Varchar(20). I would like to know if there will be a need to change the query below (especially this portion SELECT (convert(varchar,cast(Prot_det.dose_str as float)) ) in the code of my application.
myCommand.CommandText = "
SELECT (convert(varchar,cast(Prot_det.dose_str as float)) + ' '
+ dose_unit + ' ' + dose_form_comment + ' ' + dose_mult) as Dose_str
from
Prot_det,
dosage_form
where
Protocol_num = '" & lblProtocol.Text & "' and
nsc_num = " & lstNSC.SelectedValue & " and
prot_det.dose_form = dosage_form.dose_form"
After changing the datatype of the column, you will be able to change this:
(convert(varchar,cast(Prot_det.dose_str as float))
to this:
(Prot_det.dose_str)
And I would recommend that you do.
I am an ASP.Net developer & using sql server CE 4.0 I want to know how to use place holder for this code, As this query is currently vulnerable to sql injection. Place holder can prevent this but the problem is for example query = "SELECT * FROM TABLE WHERE TITLE = #0" but in my query the value of #0 is dynamically added to query how do i use place holder
this is the code
if (Request["search"] != "" && Request["search"] != null)
{
var search = Request["search"].Trim();
string[] querynew = search.Split(' ');
var searchquery = "and ";
foreach (string word in querynew)
{
searchquery += "response_table.adtitle LIKE '%" + word + "%' OR ";
}
sql += searchquery.Remove(searchquery.Length - 4);
}
if (Request["min"] != "" && Request["min"] != null && Request["max"] != null && Request["max"] != "")
{
sql = sql + " and (CAST(response_table.price AS Float)) between " + Request["min"].Trim() + " AND " + Request["max"].Trim();
}
// 3. the order clause
switch (Request["sort"])
{
case "recent":
sql = sql + "ORDER BY response_table.response_ID DESC OFFSET " + offset + " ROWS FETCH NEXT " + pageSize + " ROWS ONLY";
break;
case "hightolow":
sql = sql + "ORDER BY CAST(response_table.price AS Float) Desc OFFSET " + offset + " ROWS FETCH NEXT " + pageSize + " ROWS ONLY";
break;
case "lowtohigh":
sql = sql + "ORDER BY CAST(response_table.price AS Float) ASC OFFSET " + offset + " ROWS FETCH NEXT " + pageSize + " ROWS ONLY";
break;
default:
break;
}
result = db.Query(sql);
Thank You
Using parameters (instead of concatenating strings) allows you to optimize performance of your queries.
You can use a SqlCeCommand. It has a collection of parameters and you can find a sample here regarding how to use them.
string updateIncomeData = #"INSERT INTO TEAM_FUNDS_DETAILS("
+ "COMPONENT_TYPE,COMPONENT_NAME,COMPONENT_AMOUNT, YEAR_FOR, MONTH_FOR)"
+ "VALUES(" + Convert.ToInt32(TeamFundDetailsEnumClass.ComponentType.Income)
+ " , ?, ?,"
+ ddlYear.SelectedIndex + ", " + ddlMonth.SelectedIndex + ")"
This parametrized query gives me an exception that tells me that there is an error near "?". What is the error. Please correct it.
I am purely guessing but should it be year.selecteditem? not selectedindex?
I don't understand why you would want to mix up the parameter substitution.
Specify all five columns as parameters and set the values that way.
"INSERT INTO TEAM_FUNDS_DETAILS " +
"(COMPONENT_TYPE,COMPONENT_NAME,COMPONENT_AMOUNT, YEAR_FOR, MONTH_FOR) " +
"VALUES(? , ?, ?,?, ?)"
You must set the parameterized values (the ones with the question mark). Here is a similar example in VB.NET:
' Make a Command for this connection
' and this transaction.
Dim cmd As New OleDb.OleDbCommand( _
"SELECT * FROM People WHERE FirstName=? AND " & _
"LastName=?", _
connUsers)
' Create parameters for the query.
cmd.Parameters.Add(New _
OleDb.OleDbParameter("FirstName", first_name))
cmd.Parameters.Add(New OleDb.OleDbParameter("LastName", _
last_name))
If you don't want to use parameterized queries, just substitute the question mark with the default value, or the variable with the value:
string updateIncomeData = #"INSERT INTO TEAM_FUNDS_DETAILS("
+ "COMPONENT_TYPE,COMPONENT_NAME,COMPONENT_AMOUNT, YEAR_FOR, MONTH_FOR)"
+ "VALUES(" + Convert.ToInt32(TeamFundDetailsEnumClass.ComponentType.Income)
+ " , '', 0,"
+ ddlYear.SelectedIndex + ", " + ddlMonth.SelectedIndex + ")"
or
string updateIncomeData = #"INSERT INTO TEAM_FUNDS_DETAILS("
+ "COMPONENT_TYPE,COMPONENT_NAME,COMPONENT_AMOUNT, YEAR_FOR, MONTH_FOR)"
+ "VALUES(" + Convert.ToInt32(TeamFundDetailsEnumClass.ComponentType.Income)
+ " , '" + myComponentName + "', " + myComponentAmount,"
+ ddlYear.SelectedIndex + ", " + ddlMonth.SelectedIndex + ")"
ddlMonth.SelectedItem.Value