SQL formatting variables

TheMSsForum.com: The Microsoft Software Forum

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C3C629.AD311660
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =3D/

--=20
ANDREAS H=C5KANSSON
STUDENT OF SOFTWARE ENGINEERING
andreas (at) selfinflicted.org
------=_NextPart_000_0008_01C3C629.AD311660
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.59" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I have a set of variables (varies in =
type) which I=20
will need to take</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>and make "SQL-safe", that is, if the =
variable is a=20
string i need it</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>to be converted to 'string' and if it's =
a bool then=20
it should be</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>coverted to 0 or 1 etc =
etc..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>The reason for this is that I need to =
build a query=20
dynamicly and</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>need the conditions (after the where =
clause) to be=20
right formatted.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I thought I might be able to use the =
types in=20
System.Data.SqlTypes</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>but it seems they are unable to return =
"SQL-safe"=20
formatted values</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>(what a shame actually).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I would reeaaaaaaaally like not to have =
a huge=20
switch (c#) statement</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>which checks for the type and makes the =
correct=20
formatting. So does</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>anyone know of any solution I could =
use? I've=20
looked and looked in</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>the System.Data namespaces without any =
luck.. I've=20
even tried to</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>use the SqlParameter class since when =
using with=20
for instance a</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>SqlCommand, they help give the right =
format,=20
without any luck =3D/</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>ANDREAS =
H=C5KANSSON<BR>STUDENT OF SOFTWARE=20
ENGINEERING<BR>andreas (at) selfinflicted.org</FONT></DIV></BODY></HTML>

------=_NextPart_000_0008_01C3C629.AD311660--
Top

Re: SQL formatting variables by Miha

Miha
Fri Dec 19 05:29:10 CST 2003

Hi Andreas,

You will have to do it manually.
Anyway, why don't you rather use parametrized sql stataments instead of
concatenating them?

--
Miha Markic - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

"Andreas Håkansson" <andreas (at) selfinflicted.org> wrote in message
news:uIgfOFixDHA.2448@TK2MSFTNGP12.phx.gbl...
I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =/

--
ANDREAS HÅKANSSON
STUDENT OF SOFTWARE ENGINEERING
andreas (at) selfinflicted.org


Top

Re: SQL formatting variables by andreas

andreas
Fri Dec 19 05:35:37 CST 2003

This is a multi-part message in MIME format.

------=_NextPart_000_0025_01C3C62C.9B0C2170
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

You mean take the name of the parameter and add it to the querystring
along with a parameter name like @param1 etc and then add a new
SqlParameter object for each @paramXX mapping it to the correct=20
datatype and value and have the SqlDataAdapter do the trick for me?

--=20
ANDREAS H=C5KANSSON
STUDENT OF SOFTWARE ENGINEERING
andreas (at) selfinflicted.org
"Miha Markic" <miha at rthand com> wrote in message =
news:eoI7RNixDHA.1060@TK2MSFTNGP12.phx.gbl...
Hi Andreas,

You will have to do it manually.
Anyway, why don't you rather use parametrized sql stataments instead =
of
concatenating them?

--=20
Miha Markic - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

"Andreas H=E5kansson" <andreas (at) selfinflicted.org> wrote in =
message
news:uIgfOFixDHA.2448@TK2MSFTNGP12.phx.gbl...
I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =3D/

--=20
ANDREAS H=C5KANSSON
STUDENT OF SOFTWARE ENGINEERING
andreas (at) selfinflicted.org


------=_NextPart_000_0025_01C3C62C.9B0C2170
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.59" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>You mean take the name of the parameter =
and add it=20
to the querystring</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>along with a parameter name like =
@param1 etc and=20
then add a new</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>SqlParameter object for each @paramXX =
mapping it to=20
the correct </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>datatype and value and have the =
SqlDataAdapter do=20
the trick for me?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV>-- <BR>ANDREAS H=C5KANSSON<BR>STUDENT OF SOFTWARE =
ENGINEERING<BR>andreas (at)=20
selfinflicted.org</DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Miha Markic" &lt;miha at rthand com&gt; wrote in message <A=20
=
href=3D"news:eoI7RNixDHA.1060@TK2MSFTNGP12.phx.gbl">news:eoI7RNixDHA.1060=
@TK2MSFTNGP12.phx.gbl</A>...</DIV>Hi=20
Andreas,<BR><BR>You will have to do it manually.<BR>Anyway, why don't =
you=20
rather use parametrized sql stataments instead of<BR>concatenating=20
them?<BR><BR>-- <BR>Miha Markic - RightHand .NET consulting &amp; =
software=20
development<BR>miha at rthand com<BR><A=20
href=3D"http://www.rthand.com">www.rthand.com</A><BR><BR>"Andreas =
H=E5kansson"=20
&lt;andreas (at) selfinflicted.org&gt; wrote in message<BR><A=20
=
href=3D"news:uIgfOFixDHA.2448@TK2MSFTNGP12.phx.gbl">news:uIgfOFixDHA.2448=
@TK2MSFTNGP12.phx.gbl</A>...<BR>I=20
have a set of variables (varies in type) which I will need to =
take<BR>and make=20
"SQL-safe", that is, if the variable is a string i need it<BR>to be =
converted=20
to 'string' and if it's a bool then it should be<BR>coverted to 0 or 1 =
etc=20
etc..<BR><BR>The reason for this is that I need to build a query =
dynamicly=20
and<BR>need the conditions (after the where clause) to be right=20
formatted.<BR><BR>I thought I might be able to use the types in=20
System.Data.SqlTypes<BR>but it seems they are unable to return =
"SQL-safe"=20
formatted values<BR>(what a shame actually).<BR><BR>I would =
reeaaaaaaaally=20
like not to have a huge switch (c#) statement<BR>which checks for the =
type and=20
makes the correct formatting. So does<BR>anyone know of any solution I =
could=20
use? I've looked and looked in<BR>the System.Data namespaces without =
any=20
luck.. I've even tried to<BR>use the SqlParameter class since when =
using with=20
for instance a<BR>SqlCommand, they help give the right format, without =
any=20
luck =3D/<BR><BR>-- <BR>ANDREAS H=C5KANSSON<BR>STUDENT OF SOFTWARE=20
ENGINEERING<BR>andreas (at) =
selfinflicted.org<BR><BR></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0025_01C3C62C.9B0C2170--

Top

Re: SQL formatting variables by Miha

Miha
Fri Dec 19 06:44:09 CST 2003

Hi Andreas,

"Andreas Håkansson" <andreas (at) selfinflicted.org> wrote in message
news:%23Jum6QixDHA.4060@TK2MSFTNGP11.phx.gbl...
You mean take the name of the parameter and add it to the querystring
along with a parameter name like @param1 etc and then add a new
SqlParameter object for each @paramXX mapping it to the correct
datatype and value and have the SqlDataAdapter do the trick for me?

Exactly.
Actually the trick will do SqlCommand :)

--
Miha Markic - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com


Top