sql command
Posted Friday, May 9, 2014 9:29 AM
Forum Newbie

Sir,
I am a newbie and am learning by using SQL Server Compact Edition.

I am trying to query using a dynamic query system.

My query is:
Dim adapterloadIP As New SqlDataAdapter("SELECT IP_Addr FROM IPPOOL WHERE ZoneName " & ZoneSearch & " AND UserName IS NULL", con)

and I am getting this error:

An expression of non Boolean type specified in a context where a condition is expected

Sir,
please tell me where I am making a mistake and how it can be solved.
Thanks
Post #1569344
Posted Friday, May 9, 2014 9:35 AM


SSC-Dedicated

What is the value of ZoneSearch?


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1569349
Posted Friday, May 9, 2014 9:52 AM
Old Hand

Try adding an equals sign at the end of the first string.
Post #1569358
Posted Friday, May 9, 2014 10:08 AM
Forum Newbie

ZoneSearch is a variable and it contains a zone name selected from the combo box items
here it is "City"
Post #1569364
Posted Friday, May 9, 2014 10:15 AM (answer marked as solution)


SSChampion

mkkb917 (5/9/2014)
ZoneSearch is a variable and it contains a zone name selected from the combo box items
here it is "City"


Don't you have to put single quotes in there too, besides the missing equals sign?
'"SELECT IP_Addr FROM IPPOOL WHERE ZoneName = 'Miami' AND UserName IS NULL"
Dim adapterloadIP As New SqlDataAdapter("SELECT IP_Addr FROM IPPOOL WHERE ZoneName = '" & ZoneSearch & "' AND UserName IS NULL", con)



Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1569368
Posted Friday, May 9, 2014 12:59 PM


Hall of Fame

What would happen if someone sets the value of ZoneName to
'; DELETE TABLE IPPOOL;

Don't try this on a production environment.
You might want to read about SQL Injection to prevent this and remember to use only parametrized queries.



Luis C.
Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1569429
Posted Friday, May 9, 2014 1:34 PM
Old Hand

Luis Cazares (5/9/2014)
What would happen if someone sets the value of ZoneName to
'; DELETE TABLE IPPOOL;

Don't try this on a production environment.
You might want to read about SQL Injection to prevent this and remember to use only parametrized queries.


You beat me to it! I was just going to suggest using the SqlParameter class instead of a direct string build. Same reason: injection nightmare
Post #1569435
Posted Friday, May 9, 2014 3:39 PM


SSC-Dedicated

mkkb917 (5/9/2014)
ZoneSearch is a variable and it contains a zone name selected from the combo box items
here it is "City"


So the resultant dynamic query will read:

SELECT IP_Addr FROM IPPOOL 
WHERE ZoneName City
AND UserName IS NULL

Hence the error you're getting.

You really should parameterise that query.



Gail Shaw

Post #1569468
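The parameterised form of the query discussed in this thread, as an added example that is not part of any poster's reply. The module and function names and the NVarChar(50) type for ZoneName are assumptions; it uses the System.Data.SqlClient classes from the posted code.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module IpPoolQueries

    ' The SQL text is a constant: nothing the user selects or types is ever
    ' concatenated into it, so its structure cannot change at run time.
    Private Const FreeIpSql As String =
        "SELECT IP_Addr FROM IPPOOL WHERE ZoneName = @ZoneName AND UserName IS NULL"

    ' LoadFreeIps is a hypothetical helper name, not code from the thread.
    Public Function LoadFreeIps(con As SqlConnection, zoneSearch As String) As DataTable
        If String.IsNullOrWhiteSpace(zoneSearch) Then
            Throw New ArgumentException("A zone must be selected.", "zoneSearch")
        End If

        Dim result As New DataTable()

        Using cmd As New SqlCommand(FreeIpSql, con)
            ' Assumption: ZoneName is NVARCHAR(50); match the real column definition.
            ' The value is sent separately from the SQL text, so no quoting is needed
            ' and a value such as  '; DELETE TABLE IPPOOL;  is only ever compared
            ' to ZoneName as a literal string (it matches no rows).
            cmd.Parameters.Add("@ZoneName", SqlDbType.NVarChar, 50).Value = zoneSearch

            Using adapter As New SqlDataAdapter(cmd)
                ' Fill opens the connection if it is closed and closes it again afterwards.
                adapter.Fill(result)
            End Using
        End Using

        Return result
    End Function

End Module
```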
Posted Saturday, May 10, 2014 4:29 AM
Forum Newbie

Sir,
I have to use a parameterized SQL query, as on running the user will select the zone and then he will be able to see the ippool of that selected zone.

Post #1569508
Posted Saturday, May 10, 2014 2:34 PM


SSCrazy

On page 2 of this thread, Sean Lange gives a simple example of dynamic SQL (vulnerable to SQL injection), and a parameterized version of the same code.

http://www.sqlservercentral.com/Forums/Topic1566653-392-2.aspx



Post #1569554