column as a variable - google-maps-api-3

Is it possible to pass the coloumn name also like a variable.Please edit this code.
var columnname=hhSanitHouseType;
var operator = ...;
var textvalue = ...;
layer.setQuery("SELECT 'geometry',hhSanitHouseType FROM " + tableid + " WHERE 'hhSanitHouseType'" + operator + " '" + textvalue + "'");

You seem to ask the same question over and over again.
I already gave you the answer or see the answer of Eric. Or am I missing something?

Related

error Incorrect syntax near ','

SqlConnection con = new SqlConnection(#"Data Source=shashi-PC\SQLEXPRESS;Initial Catalog=payroll;Integrated Security=True;Pooling=False");
SqlCommand com = new SqlCommand("insert into Leave_trans values(" + txtempid.Text + ",'" + ddlleavetype.SelectedValue + "'," + txtallowedays.Text + "," + txtpendingleave.Text + ",'" + txtleavefrom.Text + "','" + txtleaveto.Text + "'," + txttotalleaves.Text + ")");
com.Connection = con;
con.Open();
com.ExecuteNonQuery();
Response.Write("<script>alert('Leave data saved successfully')</script>");
con.Close();
This doesn't directly answer your question, but you should never take user-input and use string concatenation to build an SQL query (please take some time to read about SQL injection e.g. here or here).
Instead of concatenating the full query, you should use SqlParameter instances as placeholders for your values, e.g:
var com = new SqlCommand(
"insert into Leave_trans values(#empId, #leaveType, #allowedDays, ...)");
com.Parameters.Add(new SqlParameter("#empId", txtempid.Text));
com.Parameters.Add(new SqlParameter("#leaveType", ddlleavetype.SelectedValue));
com.Parameters.Add(new SqlParameter("#allowedDays", txtalloweddays.Text));
...
BTW: the cause for your problem is that you are not correctly single-quoting your inputs inside the query (e.g. txtempid.Text is not in single quotes). Using SqlParameters will also solve that problem for you.
I think the problem is in your query. You didn't provide us the data type of your database columns. But assuming from your query you are inserting some text from TextBox and one DropDownList selected item. From your TextBox text you will always get a string type value and for inserting string into your columns you should use single quotation '' before and after on it. But on your query you didn't use any quotation for some of your value parameter. I made an assumption and made a query for you. try this updated one.
SqlConnection con = new SqlConnection(#"Data Source=shashi-PC\SQLEXPRESS;Initial Catalog=payroll;Integrated Security=True;Pooling=False");
SqlCommand com = new SqlCommand("insert into Leave_trans values(" + "'" + txtempid.Text + "'", "'" + ddlleavetype.SelectedValue + "'","'" + txtallowedays.Text + "'","'" + txtpendingleave.Text + "'", "'" + txtleavefrom.Text + "'","'" + txtleaveto.Text + "'", "'" + txttotalleaves.Text + "')");
com.Connection = con;
con.Open();
com.ExecuteNonQuery();
Response.Write("<script>alert('Leave data saved successfully')</script>");
But i have some suggestion for you that is- you shouldn't use string as your table's primary key data type, it should be int type and another one is you should take int id of your selected item from your DropDownList not the text.

Sqlite insert gives syntax error

I am working on flex actionscript project. In which i am going to save/insert records in sqlite database, which i got in response.
But, form that records some records are not inserted into table. When i catch the error it gives sql error.
near '/': syntax error
In response i have got whole html markup.
I have written/execute query inside for loop like:
var insert:SQLStatement = new SQLStatement();
insert.sqlConnection = sqlConnectionSync;
insert.text = 'INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES ("' + listArray[i].MessageID + '","' + listArray[i].AccountID + '","' + listArray[i].Body + '")';
insert.execute();
I have also tried changing " in place of ' and vice versa.
But it gives other error of '
Error #3115: SQL Error.
near 'll': syntax error
And
near '_blank': syntax error
Any help would greatly appreciated.
To avoid such problem, you can use SQLStatement.parameters property like this, for example :
var insert:SQLStatement = new SQLStatement();
insert.text = 'INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES (:param1, :param2, :param3)';
insert.parameters[':param1'] = listArray[i].MessageID;
insert.parameters[':param2'] = listArray[i].AccountID;
insert.parameters[':param3'] = listArray[i].Body;
insert.execute();
Hope that can help.
Posting the full query as text would help but most likely you have " or ' characters in your data (like ...="_blank" or "You'll"). You'd need to escape your variable values before inserting them into the database. I have switched " and ' from your example:
insert.text = "INSERT OR IGNORE INTO TableName (MessageID, AccountID, Body) VALUES ('" + escapeChars(listArray[i].MessageID) + "','" + escapeChars(listArray[i].AccountID) + "','" + escapeChars(listArray[i].Body) + "')";
private function escapeChars(myString:String):String
{
// Since we are using "'" we'd need to escape all other "'" characters
return myString.replace(/'/gi, "\'");
}

Multiple entries in WHERE or use Use * in WHERE * and use LIKE SQL

I am supposed to get everything in 2 columns of a table that starts with 'a'. Please suggest modifications to this. (Searchbox.Text = 'a')
I am using ASP .Net and language is Visual Basic, while the database is SQL Server Compact. I have tried the below to obtain different results.
Code A:
"SELECT * FROM [Table Name] WHERE [Column1] LIKE '" + SearchTextBox.Text + "%'" AND [Column2] LIKE '" + SearchTextBox.Text + "%'"
Code B:
"SELECT * FROM [Table Name] WHERE * LIKE '" + SearchTextBox.Text + "%'"
If I understand your question, you want to use " or " rather than " and " as " and " will give you only the columns where an " a " is in both columns...
You'd be much better creating a stored procdure wih a parameter and binding to that. You code will not be subject to injection attack which it currently is.
HTH
SELECT
*
FROM
[Table Name]
WHERE
[Column1] LIKE '" + SearchTextBox.Text + "%'"
or [Column2] LIKE '" + SearchTextBox.Text + "%'"
Hope this helps
Do you mean ...
SELECT *
FROM [Table Name]
WHERE [Column1] LIKE '" + SearchTextBox.Text + "%'"
OR [Column2] LIKE '" + SearchTextBox.Text + "%'"
?
Note that I'm using an OR instead of an AND - This is pretty fundamental stuff, so if this is your problem, you should read up on Boolean operations

ASP.net Gridview does not display first row

SqlDataReader myReader1 = null;
SqlCommand myCommand1 = new SqlCommand("SELECT Standard_Note_Code, COUNT(Standard_Note_Code) as Count FROM [Excel_table] where Standard_Note_Creator_Name = '" + ddlrep.Text + "' and (Std_Note_Date_Entered >= '" + datefrom + "' and Std_Note_Date_Entered <= '" + dateto + "') group by Standard_Note_Code", myConnection);
myReader1 = myCommand1.ExecuteReader();
myReader1.Read();
gvsummary.Visible = true;
if (myReader1.HasRows)
{
gvsummary.DataSource = myReader1;
gvsummary.DataBind();
}
else
{
myReader1.Close();
//myConnection.Close();
//Label2.Text = "No Records Exist";
}
myReader1.Close();
Remove myReader1.Read();, after ExecuteReader. That line causes the grid to start reading from the 2nd position.
Everything looks correct to me, except I don't think you should be calling
myReader1.Read();
before you bind to the GridView. I think if you remove that line it will fix your problem.
Don't call myReader1.Read(); if you're binding as a data source.

asp.net GridView and Checkboxes Dynamic Bind

I am having a little issue that I don't seem to understand the best way to approach.
I have a GridView that get automatic column generations based on the query I run. The GridView will contain (Name) (Description) (Edit) (Delete) (View) (Admin).
Now because the Edit, Delete, View... are bit's in the database when the query returns the results and binds the data with the GridView I get these grayed out Checkboxes with checked if True or Unchecked if False.
Now because I didn't create those disabled checkboxes are they really a checkbox or are the something that's just display like that... If they are really a checkboxes how do I access them and enable or disable them? I tried looping through each cell in grid but when I say cell.text it gives me empty string back... What would be the best way to approach this or am I misunderstanding the DataBind of a bit fields?
Thanks all for your help.
UPDATED
string sSQLAccess = "SELECT ap.n_Name 'App', a.b_Edit 'Edit', a.b_Delete 'Delete', a.b_View 'View' " + Environment.NewLine
+ "FROM tbl_Actions a " + Environment.NewLine
+ "JOIN tbl_Applications ap ON ap.u_ID = a.u_ApplicationID" + Environment.NewLine
+ "JOIN tbl_Roles r ON r.u_ID = a.u_RoleID" + Environment.NewLine
+ "WHERE a.b_Deleted = 0" + Environment.NewLine
+ "AND ap.b_Deleted = 0 " + Environment.NewLine
+ "AND r.b_Deleted = 0 " + Environment.NewLine
+ "AND a.u_RoleID = '" + Request.QueryString["ID"] + "'" + Environment.NewLine;
grdAccess.DataSource = vwAccess;
grdAccess.DataBind();
The checkbox will not be enabled unless the gridview is in edit mode - you would need to define an edit template for the gridview.

Resources