Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

sql command Expand / Collapse
Author
Message
Posted Friday, May 9, 2014 9:29 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Saturday, May 17, 2014 10:44 PM
Points: 8, Visits: 5
sir
i am new bie and learning by using sql server compact edition

i am trying to query using dynamic query system

my query is
Dim adapterloadIP As New SqlDataAdapter("SELECT IP_Addr FROM IPPOOL WHERE ZoneName " & ZoneSearch & " AND UserName IS NULL", con)

and getting this error

[code="other] An expression of non Boolean type specified in a context where a condition is expected [/code]

sir
please tell me where is am making mistake and how will be it solved
thanks
Post #1569344
Posted Friday, May 9, 2014 9:35 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:09 PM
Points: 42,434, Visits: 35,487
What is the value of ZoneSearch?


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1569349
Posted Friday, May 9, 2014 9:52 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Today @ 2:01 PM
Points: 265, Visits: 595
Try adding an equals sign at the end of the first string.
Post #1569358
Posted Friday, May 9, 2014 10:08 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Saturday, May 17, 2014 10:44 PM
Points: 8, Visits: 5
ZoneSearch is a variable and it contain a zone name selected form the combo box items
here it is "City"
Post #1569364
Posted Friday, May 9, 2014 10:15 AM This worked for the OP Answer marked as solution


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 1:46 PM
Points: 12,876, Visits: 31,788
mkkb917 (5/9/2014)
ZoneSearch is a variable and it contain a zone name selected form the combo box items
here it is "City"


don't you have to put singe quotes in there too, besides the missing equals sign?
'"SELECT IP_Addr FROM IPPOOL WHERE ZoneName = 'Miami' AND UserName IS NULL"
Dim adapterloadIP As New SqlDataAdapter("SELECT IP_Addr FROM IPPOOL WHERE ZoneName = '" & ZoneSearch & "' AND UserName IS NULL", con)



Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1569368
Posted Friday, May 9, 2014 12:59 PM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 3:45 PM
Points: 3,313, Visits: 7,146
What would happen if someone sets the value of ZoneName to
'; DELETE TABLE IPPOOL;

Don't try this on a production environment.
You might want to read about SQL Injection to prevent this and remember to use only parametrized queries.



Luis C.
I am a great believer in luck, and I find the harder I work the more I have of it. Stephen Leacock

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1569429
Posted Friday, May 9, 2014 1:34 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Today @ 2:01 PM
Points: 265, Visits: 595
Luis Cazares (5/9/2014)
What would happen if someone sets the value of ZoneName to
'; DELETE TABLE IPPOOL;

Don't try this on a production environment.
You might want to read about SQL Injection to prevent this and remember to use only parametrized queries.


You beat me to it! I was just going to suggest using the SqlParameter class instead of a direct string build. Same reason: injection nightmare
Post #1569435
Posted Friday, May 9, 2014 3:39 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 3:09 PM
Points: 42,434, Visits: 35,487
mkkb917 (5/9/2014)
ZoneSearch is a variable and it contain a zone name selected form the combo box items
here it is "City"


So the resultant dynamic query will read:

SELECT IP_Addr FROM IPPOOL 
WHERE ZoneName City
AND UserName IS NULL

Hence the error you're getting.

You really should parameterise that query.



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1569468
Posted Saturday, May 10, 2014 4:29 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Saturday, May 17, 2014 10:44 PM
Points: 8, Visits: 5
sir
i have to use parameterized sql query as on running the user will select the zone and then he will able to see the ippool of that selected zone

Post #1569508
Posted Saturday, May 10, 2014 2:34 PM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 9:19 AM
Points: 2,826, Visits: 8,462
On page 2 of this thread, Sean Lange gives a simple example of dynamic SQL (vulnerable to sql injection), and a parameterized version of the same code.

http://www.sqlservercentral.com/Forums/Topic1566653-392-2.aspx



Post #1569554
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse