Adding LIMIT with query in asp.net - asp.net

I have a problem with this query I want retrieve all records but leaving first twenty,
Error is: {"Incorrect syntax near 'LIMIT'."}
"SELECT * FROM [upload_news] WHERE [country]='" + country.Text + "' ORDER BY [upload_time] DESC LIMIT 20";

You can't use LIMIT with SQL Server. You can use Top 20. Or you can use ROW_NUMBER and then filter based on that.
Also you should parametrized your query, your current query is prone to SQL Injection.
using (SqlCommand cmd = new SqlCommand(#"SELECT TOP 20 *
FROM [upload_news]
WHERE [country]=#country ORDER BY [upload_time] DESC", connection))
{
cmd.Parameters.AddWithValue("#country", country.Text);
//,.... rest of the code
}

If it's SQL Server, you need to use Top N.
SELECT TOP 20 * FROM [upload_news] WHERE [country]='" + country.Text + "'
ORDER BY [upload_time] DESC

if you want to retrieve all records but leaving first twenty
using this Query
select * from(SELECT (ROW_NUMBER() OVER (ORDER BY upload_time desc)) AS rowNum,*
FROM [upload_news])as temp where temp.rowNum >20
please tell me if it worked

Related

how to return something else when nothing is found?

My current query:
select timestamp from messagesTable
where partner_jid='" + lastUserJid + "' AND msg='.roll'
order by timestamp DESC LIMIT 1 OFFSET 1;
This works fine... unless the values don't exist in the database.
If values do not exist in database, then it should Select * messagesTable; or do nothing if possible.
Is there a way to add a check for that within the same query? It has to be the same query unfortunately because I need to execute things through adb shell. I've been trying things out with CASE but I do not really understand much about SQL.
You can just append a second query, with a WHERE filter that checks whether the first query did not return anything:
SELECT *
FROM (SELECT timestamp
FROM messagesTable
WHERE partner_jid = ?
AND msg = '.roll'
ORDER BY timestamp DESC
LIMIT 1 OFFSET 1)
UNION ALL
SELECT -1 -- or "timestamp FROM msgTab", or whatever
WHERE NOT EXISTS (SELECT timestamp
FROM messagesTable
WHERE partner_jid = ?
AND msg = '.roll');

How to select latest Row from table without using ORDER BY

How can I select latest row from by table without sorting it?
It is because it follow by the ID AUTO INCREMENT...
I'm using c# asp.net to select... I did try using LIMIT 5 but it give me an error page..
rSQL = "select COUNT(*) from chatLog_db where sessionid='" + grpID + "' LIMIT 5";
Is there any better way to solve this matter?
I'd appreciate any help please.
You have an id column which is autoincremented, right? Then you can do it like this..
select * from tablename where id=(select MAX(rid) from tablename)
On MSSQL simply use the top 1 instead of limit
select top(1) * from mytable order by some_column
http://msdn.microsoft.com/en-us/library/ms189463.aspx
if the latest means the max id
select * from chatLog_db
where id = (select max(id) from chatLog_db);
EDIT
select 5 records
select * from chatLog_db
where id > (select max(id) - 5 from chatLog_db);
You can try
SELECT * FROM chatLog_db WHERE sessionid > (SELECT MAX(sessionid) - 1 FROM chatLog_db);
You may also try for
SELECT * FROM chatLog_db WHERE sessionid > (SELECT MAX(sessionid) - 5 FROM chatLog_db);
You may use max as well like
select * from chatLog_db where sessionid = (select max(sessionid) from chatLog_db);
Something like that.
If you are not using order by into your query because you are thinking that it will change the order of your dsplay data then i will tell you that there is one trick as well to sort your data as per your need
you can also sort your data as per your need even if you are using
order by into your query,put the result into DataView and sort it
according to your need because DataView allow us sorting facility as
well.
Latest by using Order By like
select * from tablename order by columnname desc LIMIT 5;
Hope it works for you.

creating a sufficient query search sql

I am writing a query to allow a user to search on what they provide keywords in asp.net, C# and mssql:
string projectPart = null;
string categoryPart = null;
string descriptionPart = null;
if (this.Textbox_ProjectNr.Text.Trim().Length > 0)
projectPart = " AND Number='" + this.Textbox_ProjectNr.Text.Trim() + "' ";
if (this.Textbox_Category.Text.Trim().Length > 0)
categoryPart = " AND Category LIKE '%" + this.Textbox_Category.Text.Trim() + "%' ";
if (this.Textbox_pDescription.Text.Trim().Length > 0)
descriptionPart = " AND ProductDescription LIKE '%" + this.Textbox_pDescription.Text.Trim() + "%' ";
string query = "SELECT * from Project = p.ID " + projectPart + descriptionPart + categoryPart;
I dont know whether this query is sufficient for a traditional query search. Because I see there are some bottlenecks of this search:
if the user does not type anything, it returns all of the data => For this I only do the query when one of the fields are filled.
if the user provides some keywords "P" for each field, the result will be millions of data.
I dont know how to improve the search query basically. any suggestions are appreciated.
Thanks in adavance.
The most important improvement is to protect you code against SQL injection attacks.
You should not concatenate the raw input in the SQL string. If someone searches for the following text for example:
Bwah ha ha'; DROP DATABASE northwind; PRINT'
This will be added to your query to produce
SELECT *
FROM mytable
WHERE category LIKE '%Bwah ha ha'; DROP DATABASE northwind; PRINT'%'
This is a valid SQL command and will happily execute and drop your database (or do anything else the attacker wants)
For more information see SQL Injection and Santitizng Inputs.
You must make this query injection proof! Do not concatenate user entered values, but use parameters, like this:
SqlCommand cmd = new SqlCommand(#"
SELECT * from Project
WHERE
( Number = #Number OR #Number IS NULL ) AND
( Category LIKE #Category OR #Category IS NULL ) AND
( ProductDescription LIKE #ProductDescription OR #ProductDescription IS NULL )", conn);
if(!String.IsNullOrEmpty(this.Textbox_ProjectNr.Text.Trim()))
cmd.Parameters.AddWithValue("#Number", this.Textbox_ProjectNr.Text.Trim());
if(!String.IsNullOrEmpty(this.Textbox_Category.Text.Trim()))
cmd.Parameters.AddWithValue("#Category", this.Textbox_Category.Text.Trim());
if(!String.IsNullOrEmpty(this.Textbox_pDescription.Text.Trim()))
cmd.Parameters.AddWithValue("#ProductDescription", this.Textbox_pDescription.Text.Trim());
Also, you can add some client validation on user entered values. For instance, ask for more than three (?) characaters before running that query.
<asp:TextBox ID="Textbox_ProjectNr" runat="server" />
<asp:RegularExpressionValidator ID="Textbox_ProjectNr_Validator" runat="server"
ControlToValidate="Textbox_ProjectNr"
ErrorMessage="Minimum length is 3"
ValidationExpression=".{3,}" />
First of all, you must protect yourself from sql injections. You haven't specified what connection to the database you are using but most libraries allow adding the parameters in a different field, so they are sanitized automatically.
Secondly, you can (and should) limit the results count using the "LIMIT" (for mysql) or "TOP X" Like so:
Select * from TableName LIMIT 100 or Select TOP 100 * from TableName

how to use scope_identity in sqlite

I have issue when i use scop_identity in sqlite it showing the error like near "select": syntax error...i write query like this
string txtSQLQuery = "insert into SerpTrak_Site (SiteName) values ('" + txturl.Text + "')select scope_identity();";
any wrong in this query please help me...
SQLite does not have a function by the name scope_identity
You are probably looking for 'SELECT last_insert_rowid()'
See also this question: Does SQLite support SCOPE_IDENTITY?
Missing a semicolon between the two queries.
string txtSQLQuery = "insert into SerpTrak_Site (SiteName)
values ('" + txturl.Text + "'); select scope_identity();";

Strange result with

When i run this as my first commend i get an exception an error near "last_insert_rowid". This is referring to the last last_insert_rowid();. If i set the curser to the line command.CommandText = and run it again it is fine.
What gives? The last_insert_rowid seems to be working properly why doesnt the last_insert_rowid after the 2nd insert work.
I tried moving last_insert_rowid() to after the execute and i still get an error. What gives?
using (var trans = connection.BeginTransaction())
{
command.CommandText =
"INSERT INTO link_list(link, status, hash_type, hash_id) " +
"VALUES(#link, #status, #hash_type, #hash_id);" +
"INSERT INTO active_dl(linkId, orderNo) " +
"VALUES(last_insert_rowid(), (SELECT COUNT(*) FROM active_dl)); last_insert_rowid();";
command.Parameters.Add("#link", System.Data.DbType.String).Value = link;
command.Parameters.Add("#status", System.Data.DbType.Int32).Value = SiteBase.Status.none;
command.Parameters.Add("#hash_type", System.Data.DbType.Int32).Value = 0;
command.Parameters.Add("#hash_id", System.Data.DbType.Int32).Value = 0;
int rowid = command.ExecuteNonQuery();
trans.Commit();
}
Why is the last last_insert_rowid() there? After the second insert you call last_insert_rowid with no select or anything to identify what you want to do with it.
You would have to put a select in front of it to retrieve the value wouldn't you?
You're trying to execute 2 sql commands in the one statement. You'll need to split the 2 statements up into 2 calls and return the inserted id from the first statement.
An alternative suggestion is a stored procedure but I don't think sqlite supports these.

Resources