Where="((ProgModelID == #ProgModelID) || (#ProgModelID == #ShowAll)) && (((FirstName + ' ' + MiddleName + ' ' + LastName) LIKE '%' + #Name + '%') || ((FirstName + ' ' + LastName) LIKE '%' + #Name + '%'))"
I need to concatenate the full name together when comparing against a TextBox in order to filter a GridView, but this error comes up when I try to run it. The error changes to Expression expected when I place [] around each FirstName, MiddleName and LastName.
Update
I have a textbox which a user can type a name into to filter a GridView's results. the GridView has a LinqDataSource. The problem is the name is divided in the database into 3 parts: first, middle, last. I want to be able to filter by first+last name, as well as first+middle+last name. The areas related to ProgModel are for a DropDownList and already function if the sections related to #Name are removed.
I figured out how to avoid this error, and a probable cause for it. I added computed columns to the view the LinqDataSource was pulling rows from for FullName (first, middle, last) and Name (first, last).
I then changed LIKE to .Contains() and received a no applicable method 'contains' exists in type 'string' error. What happened was I forgot to add ConvertEmptyStringToNull="false" to the ControlParameter for the TextBox (I found out this solution from the link here). That managed to fix everything.
You need just one more ) at the end is all..This will complete the wrap after your &&
Try this:
Where="((ProgModelID == #ProgModelID) || (#ProgModelID == #ShowAll)) &&
(((FirstName + ' ' + MiddleName + ' ' + LastName) LIKE '%' + #Name + '%')
|| ((FirstName + ' ' + LastName) LIKE '%' + #Name + '%')))"
Or - to make it a little easier to read and still get the same result, remove one of the ( before FirstName + ' ' - like:
Where="((ProgModelID == #ProgModelID) || (#ProgModelID == #ShowAll)) &&
((FirstName + ' ' + MiddleName + ' ' + LastName) LIKE '%' + #Name + '%')
|| ((FirstName + ' ' + LastName) LIKE '%' + #Name + '%'))"
Ultimately the error message says it all :)
Related
I am working on flex actionscript project. In which i am going to save/insert records in sqlite database, which i got in response.
But, form that records some records are not inserted into table. When i catch the error it gives sql error.
near '/': syntax error
In response i have got whole html markup.
I have written/execute query inside for loop like:
var insert:SQLStatement = new SQLStatement();
insert.sqlConnection = sqlConnectionSync;
insert.text = 'INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES ("' + listArray[i].MessageID + '","' + listArray[i].AccountID + '","' + listArray[i].Body + '")';
insert.execute();
I have also tried changing " in place of ' and vice versa.
But it gives other error of '
Error #3115: SQL Error.
near 'll': syntax error
And
near '_blank': syntax error
Any help would greatly appreciated.
To avoid such problem, you can use SQLStatement.parameters property like this, for example :
var insert:SQLStatement = new SQLStatement();
insert.text = 'INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES (:param1, :param2, :param3)';
insert.parameters[':param1'] = listArray[i].MessageID;
insert.parameters[':param2'] = listArray[i].AccountID;
insert.parameters[':param3'] = listArray[i].Body;
insert.execute();
Hope that can help.
Posting the full query as text would help but most likely you have " or ' characters in your data (like ...="_blank" or "You'll"). You'd need to escape your variable values before inserting them into the database. I have switched " and ' from your example:
insert.text = "INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES ('" + escapeChars(listArray[i].MessageID) + "','" + escapeChars(listArray[i].AccountID) + "','" + escapeChars(listArray[i].Body) + "')";
private function escapeChars(myString:String):String
{
// Since we are using "'" we'd need to escape all other "'" characters
return myString.replace(/'/gi, "\'");
}
I am developing an application where user searches for another user. The most matched results should come higher up.
string name = txtSearch.Text;
string space = " ";
if(name.Contains(space))
{
string[] FullName = txtSearch.Text.Split(' ');
using (SqlConnection conn = new SqlConnection(strcon))
{
using (SqlCommand cmd = new SqlCommand())
{
cmd.CommandText = "select UserProfile.City, UserProfile.FirstName, UserProfile.LastName,UserProfile.Age where UserProfile.FirstName like '%" + FullName[0] + "%' or UserProfile.FirstName like '%" + FullName[1] + "%' or UserProfile.LastName like '%" + FullName[1] + "%'";
cmd.Connection = conn;
conn.Open();
dlContacts.DataSource = cmd.ExecuteReader();
dlContacts.DataBind();
conn.Close();
}
}
}
This is where I am handling search work. txrSearch is id of text box where user types username to search and finally data is bound to datalist. Now I want to move the matches record up. Like if user types "Tom John" then Tom John name should come on the top and then remaining records with lower frequency of those keywords should come down. How can I do it?
Thanks in advance
To avoid SQL injection attacks, always use parameterized queries.
cmd.Parameters.AddWithValue("#myFirstParam", FullName[0])
cmd.Parameters.AddWithValue("#mySecondParam", FullName[1])
your CommentText
(maby it is not ideal, but it works for you.)
SELECT
UserProfile.City,UserProfile.FirstName,UserProfile.LastName,UserProfile.Age
FROM
UserProfile
WHERE
UserProfile.FirstName LIKE '%' + #myFirstParam + '%' OR
UserProfile.FirstName LIKE '%' + #mySecondParam + '%' OR
UserProfile.LastName LIKE '%" + #mySecondParam + "%'
ORDER BY
CASE WHEN UserProfile.FirstName LIKE '%' + #myFirstParam + '%' THEN 1 ELSE 0 END +
CASE WHEN UserProfile.FirstName LIKE '%' + #mySecondParam + '%' THEN 1 ELSE 0 END +
CASE WHEN UserProfile.LastName LIKE '%' + #mySecondParam + '%' THEN 1 ELSE 0 END
DESC
what about
i have three names
i have three names
i use upper/lower case
i enter space and not type a second word
....?
I am supposed to get everything in 2 columns of a table that starts with 'a'. Please suggest modifications to this. (Searchbox.Text = 'a')
I am using ASP .Net and language is Visual Basic, while the database is SQL Server Compact. I have tried the below to obtain different results.
Code A:
"SELECT * FROM [Table Name] WHERE [Column1] LIKE '" + SearchTextBox.Text + "%'" AND [Column2] LIKE '" + SearchTextBox.Text + "%'"
Code B:
"SELECT * FROM [Table Name] WHERE * LIKE '" + SearchTextBox.Text + "%'"
If I understand your question, you want to use " or " rather than " and " as " and " will give you only the columns where an " a " is in both columns...
You'd be much better creating a stored procdure wih a parameter and binding to that. You code will not be subject to injection attack which it currently is.
HTH
SELECT
*
FROM
[Table Name]
WHERE
[Column1] LIKE '" + SearchTextBox.Text + "%'"
or [Column2] LIKE '" + SearchTextBox.Text + "%'"
Hope this helps
Do you mean ...
SELECT *
FROM [Table Name]
WHERE [Column1] LIKE '" + SearchTextBox.Text + "%'"
OR [Column2] LIKE '" + SearchTextBox.Text + "%'"
?
Note that I'm using an OR instead of an AND - This is pretty fundamental stuff, so if this is your problem, you should read up on Boolean operations
I am having a little issue that I don't seem to understand the best way to approach.
I have a GridView that get automatic column generations based on the query I run. The GridView will contain (Name) (Description) (Edit) (Delete) (View) (Admin).
Now because the Edit, Delete, View... are bit's in the database when the query returns the results and binds the data with the GridView I get these grayed out Checkboxes with checked if True or Unchecked if False.
Now because I didn't create those disabled checkboxes are they really a checkbox or are the something that's just display like that... If they are really a checkboxes how do I access them and enable or disable them? I tried looping through each cell in grid but when I say cell.text it gives me empty string back... What would be the best way to approach this or am I misunderstanding the DataBind of a bit fields?
Thanks all for your help.
UPDATED
string sSQLAccess = "SELECT ap.n_Name 'App', a.b_Edit 'Edit', a.b_Delete 'Delete', a.b_View 'View' " + Environment.NewLine
+ "FROM tbl_Actions a " + Environment.NewLine
+ "JOIN tbl_Applications ap ON ap.u_ID = a.u_ApplicationID" + Environment.NewLine
+ "JOIN tbl_Roles r ON r.u_ID = a.u_RoleID" + Environment.NewLine
+ "WHERE a.b_Deleted = 0" + Environment.NewLine
+ "AND ap.b_Deleted = 0 " + Environment.NewLine
+ "AND r.b_Deleted = 0 " + Environment.NewLine
+ "AND a.u_RoleID = '" + Request.QueryString["ID"] + "'" + Environment.NewLine;
grdAccess.DataSource = vwAccess;
grdAccess.DataBind();
The checkbox will not be enabled unless the gridview is in edit mode - you would need to define an edit template for the gridview.
I am searching for string input from textbox control in EF data model. Could someone help me to construct the where clause in the code file to do this.
I tried the below piece of code in the code, even though it compiles throws an error when I enter the search string and submit the search.
Where("it.[CaseName] like '%'" + searchString +
"'%' or it.[CaseNumber] like '%'" + searchString +
"'%' or it.[AppRegNumber] like '%'" + searchString +
"'%' or it.[SSNo] like '%'" + searchString + "'%'")
When this same where clause was used in EntityDataSource control markup it accepts and search correctly.
I am in the process of changing my pages to use ObjectDataSource control to connect to a business logic layer class instead of directly to EDM data model.
If you want to use the Where Query Builder method of ObjectQuery (I think that's what you are using in your question), you need to remove the inner single quotes from the query expression:
Where("it.[CaseName] like '%" + searchString +
"%' or it.[CaseNumber] like '%" + searchString +
"%' or it.[AppRegNumber] like '%" + searchString +
"%' or it.[SSNo] like '%" + searchString + "%'")
Or as a parametrized query:
Where("it.[CaseName] like #search" +
" or it.[CaseNumber] like #search" +
" or it.[AppRegNumber] like #search" +
" or it.[SSNo] like #search",
new ObjectParameter("search", string.Concat("%", searchString, "%")))
Edit
Don't use the first version if searchString comes from user input on a web page as this version is vulnerable to SQL Injection (enter this term in search engine for explanation). Instead use the parametrized query in the second version.
Well, you can use the Linq extension methods:
.Where(r => r.CaseName.IndexOf(searchString) >= 0
|| r.CaseNumber.IndexOf(searchString) >= 0
|| r.AppRegNumber.IndexOf(searchString) >= 0
|| r.SSNo.IndexOf(searchString) >= 0)