Hi,
I need to have an varchar value with single quotes. For eg: the below code throws compilation error.
Declare @.val VARCHAR(20)
SELECT @.val = ''+name+''
print @.val
Error: Invalid column 'name'
I want to print name enclosed with single quotes. Please guide me.
Regards,
SamDeclare @.val VARCHAR(20)
SELECT @.val = 'Kaiowas'
PRINT @.VAL
EDIT (added): SET @.VAL = @.VAL + '''Kaiowas'''
EDIT (added): PRINT @.VAL
SET @.VAL = @.VAL + '''' + @.VAL + ''''
PRINT @.VAL
Showing posts with label code. Show all posts
Showing posts with label code. Show all posts
Monday, March 26, 2012
escaping data for update query
I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();
On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionStrXing].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).
|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegro ups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();
On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionStrXing].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).
|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegro ups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
escaping data for update query
I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionString].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql=3D [whatever the user passes in]
> SqlConnection connection =3D new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionS=tr=ADing].ToString());
> connection.Open();
> SqlCommand command =3D connection.CreateCommand();
> command.CommandType =3D CommandType.Text;
> command.CommandText =3D sql;
> try
> {
> int result =3D command.ExecuteNonQuery();
> if (result !=3D 1)
> {
> Response.StatusCode =3D 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode =3D 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
--
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegroups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionString].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql=3D [whatever the user passes in]
> SqlConnection connection =3D new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionS=tr=ADing].ToString());
> connection.Open();
> SqlCommand command =3D connection.CreateCommand();
> command.CommandType =3D CommandType.Text;
> command.CommandText =3D sql;
> try
> {
> int result =3D command.ExecuteNonQuery();
> if (result !=3D 1)
> {
> Response.StatusCode =3D 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode =3D 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
--
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegroups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
escaping data for update query
I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnection
String].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql=3D [whatever the user passes in]
> SqlConnection connection =3D new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionS=[/vb
col]
tr=ADing].ToString());[vbcol=seagreen]
> connection.Open();
> SqlCommand command =3D connection.CreateCommand();
> command.CommandType =3D CommandType.Text;
> command.CommandText =3D sql;
> try
> {
> int result =3D command.ExecuteNonQuery();
> if (result !=3D 1)
> {
> Response.StatusCode =3D 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode =3D 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegroups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnecti
onString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnection
String].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();On 6 4 , 8 48 , eggie5 <egg...@.gmail.com> wrote:
> I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql=3D [whatever the user passes in]
> SqlConnection connection =3D new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnectionS=[/vb
col]
tr=ADing].ToString());[vbcol=seagreen]
> connection.Open();
> SqlCommand command =3D connection.CreateCommand();
> command.CommandType =3D CommandType.Text;
> command.CommandText =3D sql;
> try
> {
> int result =3D command.ExecuteNonQuery();
> if (result !=3D 1)
> {
> Response.StatusCode =3D 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode =3D 500;
> Response.End();
> }
> connection.Close();
You can string.replace() method to escape
charater ' by ''(double single quotes).|||If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
> Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
The Best Practice is to use parameters rather than build a SQL statement
string. Not only does this eliminate the need to escape quotes, it's much
more secure because it's not vulnerable to SQL injection. Simple example
below.
command.CommandText = "INSERT INTO dbo.MyTable VALUES(@.UserParameter)";
SqlParameter param = new SqlParameter("@.UserParameter",
userSuppliedValue);
command.Parameters.Add(param);
command.ExecuteNonQuery();
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.com> wrote in message
news:1180918088.976008.41270@.q75g2000hsh.googlegroups.com...
>I have some code (C#) that runs an SQL update query that sets the
> value of a column to what the user passes. So, this causes an error
> when anything the user passes in has a ' character in it. I'm sure
> there's other characters that'll break it too. So, I was wondering,
> how do I get around this? Is there some commonly accepted regex
> pattern that will make the value safe to run in an SQL query? How can
> I take care of any values that need to be escaped?
> I'm not using any fancy ado.net objects:
> string sql= [whatever the user passes in]
> SqlConnection connection = new
> SqlConnection(ConfigurationManager.ConnectionStrings[Utils.GetConnecti
onString].ToString());
> connection.Open();
> SqlCommand command = connection.CreateCommand();
> command.CommandType = CommandType.Text;
> command.CommandText = sql;
>
> try
> {
> int result = command.ExecuteNonQuery();
> if (result != 1)
> {
> Response.StatusCode = 500;
> Response.Write("The file has been uploaded, but we
> could not update the DB");
> Response.End();
> }
> }
> catch (InvalidOperationException)
> {
> Response.Clear();
> Response.Write("error");
> Response.StatusCode = 500;
> Response.End();
> }
> connection.Close();
>
escaping data for update query
I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
>
>
>
>
>
>
>
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
I'm not using any fancy ado.net objects:
string sql= [whatever the user passes in]
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
try
{
int result = command.ExecuteNonQuery();
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
connection.Close();If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
This question has been answered in both microsoft.public.sqlserver.server
and microsoft.public.sqlserver.programming.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"eggie5" <eggie5@.gmail.comwrote in message
news:1180917930.810194.38600@.q75g2000hsh.googlegro ups.com...
Quote:
Originally Posted by
>I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
>
I'm not using any fancy ado.net objects:
>
string sql= [whatever the user passes in]
>
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());
connection.Open();
>
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
>
>
try
{
int result = command.ExecuteNonQuery();
>
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
>
connection.Close();
>
On Jun 3, 8:18 pm, "Dan Guzman" <guzma...@.nospam-online.sbcglobal.net>
wrote:
Quote:
Originally Posted by
If you post the same question to multiple groups, send the message once and
specify all groups (crosspost) rather than post independent messages. This
courtesy allows everyone involved to track the responses and prevents
duplication of effort.
>
This question has been answered in both microsoft.public.sqlserver.server
and microsoft.public.sqlserver.programming.
>
--
Hope this helps.
>
Dan Guzman
SQL Server MVP
>
"eggie5" <egg...@.gmail.comwrote in message
>
news:1180917930.810194.38600@.q75g2000hsh.googlegro ups.com...
>
Quote:
Originally Posted by
I have some code (C#) that runs an SQL update query that sets the
value of a column to what the user passes. So, this causes an error
when anything the user passes in has a ' character in it. I'm sure
there's other characters that'll break it too. So, I was wondering,
how do I get around this? Is there some commonly accepted regex
pattern that will make the value safe to run in an SQL query? How can
I take care of any values that need to be escaped?
>
Quote:
Originally Posted by
I'm not using any fancy ado.net objects:
>
Quote:
Originally Posted by
string sql= [whatever the user passes in]
>
Quote:
Originally Posted by
SqlConnection connection = new
SqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionStr ing].ToString());
connection.Open();
>
Quote:
Originally Posted by
SqlCommand command = connection.CreateCommand();
command.CommandType = CommandType.Text;
command.CommandText = sql;
>
Quote:
Originally Posted by
try
{
int result = command.ExecuteNonQuery();
>
Quote:
Originally Posted by
if (result != 1)
{
Response.StatusCode = 500;
Response.Write("The file has been uploaded, but we
could not update the DB");
Response.End();
}
}
catch (InvalidOperationException)
{
Response.Clear();
Response.Write("error");
Response.StatusCode = 500;
Response.End();
}
>
Quote:
Originally Posted by
connection.Close();
escaping a transaction
The code is
proc1
begin tgan
insert
exec proc2
commit tran
end
proc2
begin tran
commit tran
exec proc3 -- do not want to it be in the proc1's tran
end
The desire is to escape the execution of proc3 from the transaction started
by proc1.
If you like, the apology for the decision is: The proc3 does some complex
things (a couple of records are inserted, deleted, updated). This must be
done 1) atomically (all or nothing) but the operations are 2) expensive and
3) must always commit. So, for performance reasons, I have decieded to do it
transceding the transaction. In case of failure, which may happen only
because of system shut down, the state can be restored manually.I'm not sure I completely understand your question, however you may want to
take a look at the following stuff.
Check out ROLLBACK TRAN
http://msdn2.microsoft.com/en-us/library/ms181299.aspx
and TRY ... CATCH (SQL 2005 only)
http://msdn2.microsoft.com/en-us/library/ms175976.aspx
--
Ekrem Önsoy
"valentin tihomirov" <V_tihomirov@.best.ee> wrote in message
news:eNi74gCFIHA.3400@.TK2MSFTNGP03.phx.gbl...
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction
> started by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive
> and 3) must always commit. So, for performance reasons, I have decieded to
> do it transceding the transaction. In case of failure, which may happen
> only because of system shut down, the state can be restored manually.
>|||Hi
I am not sure why you would want to do this as it would prolong the length
of the transaction without participating in it!
You may want to look at service broker, you could call xp_cmdshell to run a
query.
John
"valentin tihomirov" wrote:
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction started
> by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive and
> 3) must always commit. So, for performance reasons, I have decieded to do it
> transceding the transaction. In case of failure, which may happen only
> because of system shut down, the state can be restored manually.
>
>|||On 21 Oct, 22:21, "valentin tihomirov" <V_tihomi...@.best.ee> wrote:
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction started
> by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive and
> 3) must always commit. So, for performance reasons, I have decieded to do it
> transceding the transaction. In case of failure, which may happen only
> because of system shut down, the state can be restored manually.
proc1
begin tran
insert
commit tran
exec proc2
end
--
David Portas
proc1
begin tgan
insert
exec proc2
commit tran
end
proc2
begin tran
commit tran
exec proc3 -- do not want to it be in the proc1's tran
end
The desire is to escape the execution of proc3 from the transaction started
by proc1.
If you like, the apology for the decision is: The proc3 does some complex
things (a couple of records are inserted, deleted, updated). This must be
done 1) atomically (all or nothing) but the operations are 2) expensive and
3) must always commit. So, for performance reasons, I have decieded to do it
transceding the transaction. In case of failure, which may happen only
because of system shut down, the state can be restored manually.I'm not sure I completely understand your question, however you may want to
take a look at the following stuff.
Check out ROLLBACK TRAN
http://msdn2.microsoft.com/en-us/library/ms181299.aspx
and TRY ... CATCH (SQL 2005 only)
http://msdn2.microsoft.com/en-us/library/ms175976.aspx
--
Ekrem Önsoy
"valentin tihomirov" <V_tihomirov@.best.ee> wrote in message
news:eNi74gCFIHA.3400@.TK2MSFTNGP03.phx.gbl...
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction
> started by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive
> and 3) must always commit. So, for performance reasons, I have decieded to
> do it transceding the transaction. In case of failure, which may happen
> only because of system shut down, the state can be restored manually.
>|||Hi
I am not sure why you would want to do this as it would prolong the length
of the transaction without participating in it!
You may want to look at service broker, you could call xp_cmdshell to run a
query.
John
"valentin tihomirov" wrote:
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction started
> by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive and
> 3) must always commit. So, for performance reasons, I have decieded to do it
> transceding the transaction. In case of failure, which may happen only
> because of system shut down, the state can be restored manually.
>
>|||On 21 Oct, 22:21, "valentin tihomirov" <V_tihomi...@.best.ee> wrote:
> The code is
> proc1
> begin tgan
> insert
> exec proc2
> commit tran
> end
> proc2
> begin tran
> commit tran
> exec proc3 -- do not want to it be in the proc1's tran
> end
> The desire is to escape the execution of proc3 from the transaction started
> by proc1.
> If you like, the apology for the decision is: The proc3 does some complex
> things (a couple of records are inserted, deleted, updated). This must be
> done 1) atomically (all or nothing) but the operations are 2) expensive and
> 3) must always commit. So, for performance reasons, I have decieded to do it
> transceding the transaction. In case of failure, which may happen only
> because of system shut down, the state can be restored manually.
proc1
begin tran
insert
commit tran
exec proc2
end
--
David Portas
Thursday, March 22, 2012
Escape Sequences
Is there an escape sequence available for the SQL Analyzer that will not
mung the `'` (apostrophe)
If I add it as a parameter in my code, it works, but I am curious to know
all the same.I'm not sure what you mean by "that will not mung the `'` (apostrophe)", but
if you pass a string which includes a single quote, you need to escape that
single quote with a single quote. I.e., double each single quote before
passing the string to SQL Server.
Tibor Karaszi, SQL Server MVP
Archive at:
http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
"Wayne M J" <not@.home.nor.bigpuddle.com> wrote in message
news:%23ex1p5wvDHA.2444@.TK2MSFTNGP12.phx.gbl...
> Is there an escape sequence available for the SQL Analyzer that will not
> mung the `'` (apostrophe)
> If I add it as a parameter in my code, it works, but I am curious to know
> all the same.
>|||"Tibor Karaszi" <tibor.please_reply_to_public_forum.karaszi@.cornerstone.se>
wrote in message news:OMO5w8wvDHA.2072@.TK2MSFTNGP10.phx.gbl...
> I'm not sure what you mean by "that will not mung the `'` (apostrophe)",
but
> if you pass a string which includes a single quote, you need to escape
that
> single quote with a single quote. I.e., double each single quote before
> passing the string to SQL Server.
That is exactly what I was looking for.
Thanks.
mung the `'` (apostrophe)
If I add it as a parameter in my code, it works, but I am curious to know
all the same.I'm not sure what you mean by "that will not mung the `'` (apostrophe)", but
if you pass a string which includes a single quote, you need to escape that
single quote with a single quote. I.e., double each single quote before
passing the string to SQL Server.
Tibor Karaszi, SQL Server MVP
Archive at:
http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
"Wayne M J" <not@.home.nor.bigpuddle.com> wrote in message
news:%23ex1p5wvDHA.2444@.TK2MSFTNGP12.phx.gbl...
> Is there an escape sequence available for the SQL Analyzer that will not
> mung the `'` (apostrophe)
> If I add it as a parameter in my code, it works, but I am curious to know
> all the same.
>|||"Tibor Karaszi" <tibor.please_reply_to_public_forum.karaszi@.cornerstone.se>
wrote in message news:OMO5w8wvDHA.2072@.TK2MSFTNGP10.phx.gbl...
> I'm not sure what you mean by "that will not mung the `'` (apostrophe)",
but
> if you pass a string which includes a single quote, you need to escape
that
> single quote with a single quote. I.e., double each single quote before
> passing the string to SQL Server.
That is exactly what I was looking for.
Thanks.
Friday, March 9, 2012
Errors adding a column in 64-bit version
I have run into an interesting problem. I have some code that adds a column to an existing table. The column is set as primary key, identity and clustered. On the 32-bit version of SQL 2005 it works fine. It fails on the 64-bit version of 2005 intermittently with a "could not create unique index because duplicate values were found". Kind of odd, considering as an identity field it's creating the values. I was able to recreate the problem with the following schema:
Create table test1
(col1 varchar(20),
col2 varchar(20),
col3 uniqueidentifier default newid())
-- insert data
Declare @.counter int
set @.counter=1
While @.counter < 1000000
BEGIN
insert into test1
values ('Joe','Smith',default)
Set @.counter=@.counter+1
END
-- add column
Alter table test1 add col4 int constraint PK_test1 primary key clustered identity
After Running this, I get this error:
CREATE UNIQUE INDEX terminated because a duplicate key was found for object name 'dbo.Test1' and index name 'PK_test1'. The duplicate key value is (28).
Anybody else run into this? Why would this be happening, and is there any way to fix it? I'm running the 64-bit version of Windows 2003 and the the 64-bit version of SQL Server 2005.
Thanks in advance,
Mark
Could you please file a bug with these details / repro steps at the MSDN Product Feedback Center? I do not have a 64-bit m/c to try this out. Also, please mention the editions of Windows and SQL Server (x64, IA, EMT). Thanks.Wednesday, March 7, 2012
ErrorColumn field from Datasource Error Output
Hi,
The problem is, ErrorColumn contains ID. Is the following code reference safe ?
columnname = Me.ComponentMetaData.InputCollection.FindObjectByID(Row.ErrorColumn).Name
Is there any possibility for FindObjectByID to return NULL Reference in any case ?In many cases ErrorColumn is NULL.|||It contains ID, how do I translate it to Column Name ?
I have defined names in connection manager.|||I don't believe you can.|||Why I couldnt ?
That sucks|||
Fahad349 wrote:
Why I couldnt ? That sucks
Because the column ID is the metadata ID of the column in the previous component, not the current component. So the ID being passed in isn't in the current component's metadata.
Indeed it isn't the best situation.
|||Dang on SQL Server teamIs there any harder way to do it ?|||
Dang on SQL Server team Is there any harder way to do it ?
You are welcome to submit a feature request: http://connect.microsoft.com/sqlserver/feedback
ErrorCode 1038 during push replication
I’m setting up transactional replication, the snapshot generates fine, but I
get error code 1038 “Cannot use empty object or column names. Use a single
space if necessary.” when the distribution agent does the push replication
and reaches a particular SP.
Something to note is that table names wrapped in brackets (found in SQL
scripts in the snapshot folder) are being converted to quotation, is that
caused by SET QUOTED_IDENTIFIER ON?
so this: FROM [Pub_Articles-Keywords] StaArtK
is converted to: FROM "Pub_Articles-Keywords" StaArtK
The following is the detailed error log. Your help is appreciated.
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: SET QUOTED_IDENTIFIER ON
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: drop procedure
"sp_Search_KeywordBrowser"
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: CREATE PROCEDURE
"sp_Search_KeywordBrowser"
@.KeywordRoot int,
@.ArtRoot int,
@.start varchar(4) = '0',
@.quantity varchar(3) = '10',
@.Sort varchar(25) = 'priority',
@.YahooRoot int = 0
AS
if @.yahooroot = 0 set @.YahooRoot = @.ArtRoot
CREATE TABLE #TempTable
(PK int IDENTITY,
ArticleID int,
Link int,
priority int,
created datetime)
SET NOCOUNT ON
Insert INTO #TempTable (articleid, link, priority, created)
SELECT StaArtK.ArticleID ArticleID, A.Link Link,
StaArtK.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
FROM "Pub_Articles-Keywords" StaArtK
JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
left join Pub_Articles B on a.link = b.articleid
JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
StaArtK.ArticleID
WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
AND StaArtK.articleid not in (select articleid from
SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
keywordid = 272 or keywordid = 2471) and StaArtK.block = 0
Insert INTO #TempTable (articleid, link, priority, created)
SELECT StaArtK.ArticleID ArticleID, A.Link Link,
pak.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
FROM SpeedIndexes.dbo."Pub_Articles-Keywords_static" StaArtK
JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
left join Pub_Articles B on a.link = b.articleid
JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
StaArtK.ArticleID
Join "pub_articles-keywords" pak on StaArtK.nativeid = pak.articleid and
StaArtK.keywordid = pak.keywordid
WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
AND StaArtK.articleid not in (select articleid from
SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
keywordid = 272 or keywordid = 2471)
and StaArtK.nativeid not in (select articleid from #temptable)
update t set t.ArticleID = st.nativeid from #TempTable t join
speedindexes.dbo."pub_articles-keywords_static" st on t.articleid =
st.articleid where st.keywordid = 1060 and t.articleid <> st.nativeid
delete #tempTable where pk not in (select Max(pk) from #tempTable group by
articleid)
DELETE #TempTable WHERE (Link <> 0 AND Link IN (SELECT ArticleID FROM
#TempTable))
--Remove Links that have 'cousin links' in the result set
--OR (ArticleID NOT IN
--(SELECT TOP 1 ArticleID
--FROM #TempTable
-- GROUP BY Link, ArticleID
--HAVING COUNT(Link) > 1) AND Link <> 0)
declare @.resultcount int
set @.resultcount = (select count(*) from #TempTable)
declare @.sql nvarchar(500)
set @.sql = 'delete #TempTable where articleid not in (SELECT top ' +
@.quantity + ' articleid FROM #TempTable where pk not in (select top ' +
@.start + ' pk from #TempTable order by ' + @.sort + ' , pk) ORDER BY ' + @.sort
+ ', pk) '
EXEC sp_executesql @.sql
SELECT t.priority, a.ArticleID,
isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
dbo.SF_Pub_GetArticlePath (a.articleid,@.YahooRoot) path, t.created,
COALESCE (A.Title2, A2.Title2, A.Title1, A2.Title1) Title ,
COALESCE(a.subtitle, a2.subtitle,'') subtitle,
isnull(dbo.SF_PUB_GetInhKeywordID(a.articleid, 6913),0) DocType,
COALESCE(A.Synopsis0, A2.Synopsis0, A.Synopsis1, A2.Synopsis1,
A.Synopsis2, A2.Synopsis2, A.body, A2.Body, '') AS Synopsis
FROM #TempTable t
join pub_articles a on t.articleid = a.articleid left join
pub_articles a2 on a.link = a2.articleid
order by
case when @.sort = 'priority' or @.sort = 'priority,created' then
t.priority else '' end,
case when @.sort = 'created' or @.sort = 'priority,created' then
a.posteddate1 elsAgent message code 20046. Cannot use empty object or column
names. Use a single space if necessary.
[12/20/2005 4:44:00 PM]SERVER1.distribution: {call
sp_MSadd_distribution_history(7, 6, ?, ?, 0, 0, 0.00, 0x01, 1, ?, 20, 0x01,
0x01)}
Adding alert to msdb..sysreplicationalerts: ErrorId = 21,
Transaction Seqno = 000275890000022200b100000001, Command ID = 20
Message: Replication-Replication Distribution Subsystem: agent
SERVER1-Keyword DB-SERVER2-7 failed. Cannot use empty object or column names.
Use a single space if necessary.[12/20/2005 4:44:00 PM]SERVER1.distribution:
{call sp_MSadd_repl_alert(3, 7, 21, 14151, ?, 20, N'SERVER1', N'Keyword DB',
N'SERVER2', N'Keyword DB', ?)}
ErrorId = 21, SourceTypeId = 5
ErrorCode = '1038'
ErrorText = 'Cannot use empty object or column names. Use a single space if
necessary.'
[12/20/2005 4:44:00 PM]SERVER1.distribution: {call sp_MSadd_repl_error(21,
0, 5, ?, N'1038', ?)}
Category:SQLSERVER
Source: SERVER2
Number: 1038
Message: Cannot use empty object or column names. Use a single space if
necessary.
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: exec dbo.sp_MSupdatelastsyncinfo
N'SERVER1',N'Keyword DB', N'', 0, 6, N'Cannot use empty object or column
names. Use a single space if necessary.'
Disconnecting from Subscriber 'SERVER2'
Disconnecting from Distributor 'SERVER1'
Disconnecting from Distributor History 'SERVER1'
Thanks,
- Moshe
Hi Moshe,
You would need to replace the "" in the following code fragment with '':
SELECT t.priority, a.ArticleID,
isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
To make your procedure compliant with quoted_identifier on setting. You can
search this newsgroup for some of the responses I made in the past on how
this came to be. Note that this translation should be done automatically for
you by the SQL2005 snapshot agent.
HTH
-Raymond
"Moshe" wrote:
> I’m setting up transactional replication, the snapshot generates fine, but I
> get error code 1038 “Cannot use empty object or column names. Use a single
> space if necessary.” when the distribution agent does the push replication
> and reaches a particular SP.
> Something to note is that table names wrapped in brackets (found in SQL
> scripts in the snapshot folder) are being converted to quotation, is that
> caused by SET QUOTED_IDENTIFIER ON?
> so this: FROM [Pub_Articles-Keywords] StaArtK
> is converted to: FROM "Pub_Articles-Keywords" StaArtK
> The following is the detailed error log. Your help is appreciated.
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: SET QUOTED_IDENTIFIER ON
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: drop procedure
> "sp_Search_KeywordBrowser"
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: CREATE PROCEDURE
> "sp_Search_KeywordBrowser"
> @.KeywordRoot int,
> @.ArtRoot int,
> @.start varchar(4) = '0',
> @.quantity varchar(3) = '10',
> @.Sort varchar(25) = 'priority',
> @.YahooRoot int = 0
> AS
>
> if @.yahooroot = 0 set @.YahooRoot = @.ArtRoot
> CREATE TABLE #TempTable
> (PK int IDENTITY,
> ArticleID int,
> Link int,
> priority int,
> created datetime)
> SET NOCOUNT ON
> Insert INTO #TempTable (articleid, link, priority, created)
> SELECT StaArtK.ArticleID ArticleID, A.Link Link,
> StaArtK.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
> FROM "Pub_Articles-Keywords" StaArtK
> JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
> left join Pub_Articles B on a.link = b.articleid
> JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
> StaArtK.ArticleID
> WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
> AND StaArtK.articleid not in (select articleid from
> SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
> keywordid = 272 or keywordid = 2471) and StaArtK.block = 0
>
> Insert INTO #TempTable (articleid, link, priority, created)
> SELECT StaArtK.ArticleID ArticleID, A.Link Link,
> pak.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
> FROM SpeedIndexes.dbo."Pub_Articles-Keywords_static" StaArtK
> JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
> left join Pub_Articles B on a.link = b.articleid
> JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
> StaArtK.ArticleID
> Join "pub_articles-keywords" pak on StaArtK.nativeid = pak.articleid and
> StaArtK.keywordid = pak.keywordid
> WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
> AND StaArtK.articleid not in (select articleid from
> SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
> keywordid = 272 or keywordid = 2471)
> and StaArtK.nativeid not in (select articleid from #temptable)
>
> update t set t.ArticleID = st.nativeid from #TempTable t join
> speedindexes.dbo."pub_articles-keywords_static" st on t.articleid =
> st.articleid where st.keywordid = 1060 and t.articleid <> st.nativeid
> delete #tempTable where pk not in (select Max(pk) from #tempTable group by
> articleid)
>
> DELETE #TempTable WHERE (Link <> 0 AND Link IN (SELECT ArticleID FROM
> #TempTable))
> --Remove Links that have 'cousin links' in the result set
> --OR (ArticleID NOT IN
> --(SELECT TOP 1 ArticleID
> --FROM #TempTable
> -- GROUP BY Link, ArticleID
> --HAVING COUNT(Link) > 1) AND Link <> 0)
>
> declare @.resultcount int
> set @.resultcount = (select count(*) from #TempTable)
>
> declare @.sql nvarchar(500)
> set @.sql = 'delete #TempTable where articleid not in (SELECT top ' +
> @.quantity + ' articleid FROM #TempTable where pk not in (select top ' +
> @.start + ' pk from #TempTable order by ' + @.sort + ' , pk) ORDER BY ' + @.sort
> + ', pk) '
> EXEC sp_executesql @.sql
> SELECT t.priority, a.ArticleID,
> isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
> dbo.SF_Pub_GetArticlePath (a.articleid,@.YahooRoot) path, t.created,
> COALESCE (A.Title2, A2.Title2, A.Title1, A2.Title1) Title ,
> COALESCE(a.subtitle, a2.subtitle,'') subtitle,
> isnull(dbo.SF_PUB_GetInhKeywordID(a.articleid, 6913),0) DocType,
> COALESCE(A.Synopsis0, A2.Synopsis0, A.Synopsis1, A2.Synopsis1,
> A.Synopsis2, A2.Synopsis2, A.body, A2.Body, '') AS Synopsis
> FROM #TempTable t
> join pub_articles a on t.articleid = a.articleid left join
> pub_articles a2 on a.link = a2.articleid
> order by
> case when @.sort = 'priority' or @.sort = 'priority,created' then
> t.priority else '' end,
> case when @.sort = 'created' or @.sort = 'priority,created' then
> a.posteddate1 elsAgent message code 20046. Cannot use empty object or column
> names. Use a single space if necessary.
> [12/20/2005 4:44:00 PM]SERVER1.distribution: {call
> sp_MSadd_distribution_history(7, 6, ?, ?, 0, 0, 0.00, 0x01, 1, ?, 20, 0x01,
> 0x01)}
> Adding alert to msdb..sysreplicationalerts: ErrorId = 21,
> Transaction Seqno = 000275890000022200b100000001, Command ID = 20
> Message: Replication-Replication Distribution Subsystem: agent
> SERVER1-Keyword DB-SERVER2-7 failed. Cannot use empty object or column names.
> Use a single space if necessary.[12/20/2005 4:44:00 PM]SERVER1.distribution:
> {call sp_MSadd_repl_alert(3, 7, 21, 14151, ?, 20, N'SERVER1', N'Keyword DB',
> N'SERVER2', N'Keyword DB', ?)}
> ErrorId = 21, SourceTypeId = 5
> ErrorCode = '1038'
> ErrorText = 'Cannot use empty object or column names. Use a single space if
> necessary.'
> [12/20/2005 4:44:00 PM]SERVER1.distribution: {call sp_MSadd_repl_error(21,
> 0, 5, ?, N'1038', ?)}
> Category:SQLSERVER
> Source: SERVER2
> Number: 1038
> Message: Cannot use empty object or column names. Use a single space if
> necessary.
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: exec dbo.sp_MSupdatelastsyncinfo
> N'SERVER1',N'Keyword DB', N'', 0, 6, N'Cannot use empty object or column
> names. Use a single space if necessary.'
> Disconnecting from Subscriber 'SERVER2'
> Disconnecting from Distributor 'SERVER1'
> Disconnecting from Distributor History 'SERVER1'
> Thanks,
> - Moshe
get error code 1038 “Cannot use empty object or column names. Use a single
space if necessary.” when the distribution agent does the push replication
and reaches a particular SP.
Something to note is that table names wrapped in brackets (found in SQL
scripts in the snapshot folder) are being converted to quotation, is that
caused by SET QUOTED_IDENTIFIER ON?
so this: FROM [Pub_Articles-Keywords] StaArtK
is converted to: FROM "Pub_Articles-Keywords" StaArtK
The following is the detailed error log. Your help is appreciated.
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: SET QUOTED_IDENTIFIER ON
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: drop procedure
"sp_Search_KeywordBrowser"
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: CREATE PROCEDURE
"sp_Search_KeywordBrowser"
@.KeywordRoot int,
@.ArtRoot int,
@.start varchar(4) = '0',
@.quantity varchar(3) = '10',
@.Sort varchar(25) = 'priority',
@.YahooRoot int = 0
AS
if @.yahooroot = 0 set @.YahooRoot = @.ArtRoot
CREATE TABLE #TempTable
(PK int IDENTITY,
ArticleID int,
Link int,
priority int,
created datetime)
SET NOCOUNT ON
Insert INTO #TempTable (articleid, link, priority, created)
SELECT StaArtK.ArticleID ArticleID, A.Link Link,
StaArtK.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
FROM "Pub_Articles-Keywords" StaArtK
JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
left join Pub_Articles B on a.link = b.articleid
JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
StaArtK.ArticleID
WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
AND StaArtK.articleid not in (select articleid from
SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
keywordid = 272 or keywordid = 2471) and StaArtK.block = 0
Insert INTO #TempTable (articleid, link, priority, created)
SELECT StaArtK.ArticleID ArticleID, A.Link Link,
pak.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
FROM SpeedIndexes.dbo."Pub_Articles-Keywords_static" StaArtK
JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
left join Pub_Articles B on a.link = b.articleid
JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
StaArtK.ArticleID
Join "pub_articles-keywords" pak on StaArtK.nativeid = pak.articleid and
StaArtK.keywordid = pak.keywordid
WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
AND StaArtK.articleid not in (select articleid from
SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
keywordid = 272 or keywordid = 2471)
and StaArtK.nativeid not in (select articleid from #temptable)
update t set t.ArticleID = st.nativeid from #TempTable t join
speedindexes.dbo."pub_articles-keywords_static" st on t.articleid =
st.articleid where st.keywordid = 1060 and t.articleid <> st.nativeid
delete #tempTable where pk not in (select Max(pk) from #tempTable group by
articleid)
DELETE #TempTable WHERE (Link <> 0 AND Link IN (SELECT ArticleID FROM
#TempTable))
--Remove Links that have 'cousin links' in the result set
--OR (ArticleID NOT IN
--(SELECT TOP 1 ArticleID
--FROM #TempTable
-- GROUP BY Link, ArticleID
--HAVING COUNT(Link) > 1) AND Link <> 0)
declare @.resultcount int
set @.resultcount = (select count(*) from #TempTable)
declare @.sql nvarchar(500)
set @.sql = 'delete #TempTable where articleid not in (SELECT top ' +
@.quantity + ' articleid FROM #TempTable where pk not in (select top ' +
@.start + ' pk from #TempTable order by ' + @.sort + ' , pk) ORDER BY ' + @.sort
+ ', pk) '
EXEC sp_executesql @.sql
SELECT t.priority, a.ArticleID,
isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
dbo.SF_Pub_GetArticlePath (a.articleid,@.YahooRoot) path, t.created,
COALESCE (A.Title2, A2.Title2, A.Title1, A2.Title1) Title ,
COALESCE(a.subtitle, a2.subtitle,'') subtitle,
isnull(dbo.SF_PUB_GetInhKeywordID(a.articleid, 6913),0) DocType,
COALESCE(A.Synopsis0, A2.Synopsis0, A.Synopsis1, A2.Synopsis1,
A.Synopsis2, A2.Synopsis2, A.body, A2.Body, '') AS Synopsis
FROM #TempTable t
join pub_articles a on t.articleid = a.articleid left join
pub_articles a2 on a.link = a2.articleid
order by
case when @.sort = 'priority' or @.sort = 'priority,created' then
t.priority else '' end,
case when @.sort = 'created' or @.sort = 'priority,created' then
a.posteddate1 elsAgent message code 20046. Cannot use empty object or column
names. Use a single space if necessary.
[12/20/2005 4:44:00 PM]SERVER1.distribution: {call
sp_MSadd_distribution_history(7, 6, ?, ?, 0, 0, 0.00, 0x01, 1, ?, 20, 0x01,
0x01)}
Adding alert to msdb..sysreplicationalerts: ErrorId = 21,
Transaction Seqno = 000275890000022200b100000001, Command ID = 20
Message: Replication-Replication Distribution Subsystem: agent
SERVER1-Keyword DB-SERVER2-7 failed. Cannot use empty object or column names.
Use a single space if necessary.[12/20/2005 4:44:00 PM]SERVER1.distribution:
{call sp_MSadd_repl_alert(3, 7, 21, 14151, ?, 20, N'SERVER1', N'Keyword DB',
N'SERVER2', N'Keyword DB', ?)}
ErrorId = 21, SourceTypeId = 5
ErrorCode = '1038'
ErrorText = 'Cannot use empty object or column names. Use a single space if
necessary.'
[12/20/2005 4:44:00 PM]SERVER1.distribution: {call sp_MSadd_repl_error(21,
0, 5, ?, N'1038', ?)}
Category:SQLSERVER
Source: SERVER2
Number: 1038
Message: Cannot use empty object or column names. Use a single space if
necessary.
[12/20/2005 4:44:00 PM]SERVER2.Keyword DB: exec dbo.sp_MSupdatelastsyncinfo
N'SERVER1',N'Keyword DB', N'', 0, 6, N'Cannot use empty object or column
names. Use a single space if necessary.'
Disconnecting from Subscriber 'SERVER2'
Disconnecting from Distributor 'SERVER1'
Disconnecting from Distributor History 'SERVER1'
Thanks,
- Moshe
Hi Moshe,
You would need to replace the "" in the following code fragment with '':
SELECT t.priority, a.ArticleID,
isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
To make your procedure compliant with quoted_identifier on setting. You can
search this newsgroup for some of the responses I made in the past on how
this came to be. Note that this translation should be done automatically for
you by the SQL2005 snapshot agent.
HTH
-Raymond
"Moshe" wrote:
> I’m setting up transactional replication, the snapshot generates fine, but I
> get error code 1038 “Cannot use empty object or column names. Use a single
> space if necessary.” when the distribution agent does the push replication
> and reaches a particular SP.
> Something to note is that table names wrapped in brackets (found in SQL
> scripts in the snapshot folder) are being converted to quotation, is that
> caused by SET QUOTED_IDENTIFIER ON?
> so this: FROM [Pub_Articles-Keywords] StaArtK
> is converted to: FROM "Pub_Articles-Keywords" StaArtK
> The following is the detailed error log. Your help is appreciated.
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: SET QUOTED_IDENTIFIER ON
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: drop procedure
> "sp_Search_KeywordBrowser"
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: CREATE PROCEDURE
> "sp_Search_KeywordBrowser"
> @.KeywordRoot int,
> @.ArtRoot int,
> @.start varchar(4) = '0',
> @.quantity varchar(3) = '10',
> @.Sort varchar(25) = 'priority',
> @.YahooRoot int = 0
> AS
>
> if @.yahooroot = 0 set @.YahooRoot = @.ArtRoot
> CREATE TABLE #TempTable
> (PK int IDENTITY,
> ArticleID int,
> Link int,
> priority int,
> created datetime)
> SET NOCOUNT ON
> Insert INTO #TempTable (articleid, link, priority, created)
> SELECT StaArtK.ArticleID ArticleID, A.Link Link,
> StaArtK.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
> FROM "Pub_Articles-Keywords" StaArtK
> JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
> left join Pub_Articles B on a.link = b.articleid
> JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
> StaArtK.ArticleID
> WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
> AND StaArtK.articleid not in (select articleid from
> SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
> keywordid = 272 or keywordid = 2471) and StaArtK.block = 0
>
> Insert INTO #TempTable (articleid, link, priority, created)
> SELECT StaArtK.ArticleID ArticleID, A.Link Link,
> pak.priority, coalesce (b.posteddate1, a.posteddate1, a.created)
> FROM SpeedIndexes.dbo."Pub_Articles-Keywords_static" StaArtK
> JOIN Pub_Articles AS A ON StaArtK.ArticleID = A.ArticleID
> left join Pub_Articles B on a.link = b.articleid
> JOIN SpeedIndexes.dbo.Pub_Articles_Static AS pas ON Pas.BranchID =
> StaArtK.ArticleID
> Join "pub_articles-keywords" pak on StaArtK.nativeid = pak.articleid and
> StaArtK.keywordid = pak.keywordid
> WHERE StaArtK.KeywordID = @.KeywordRoot AND pas.ParentID = @.ArtRoot
> AND StaArtK.articleid not in (select articleid from
> SpeedIndexes.dbo."Pub_Articles-Keywords_Static" where
> keywordid = 272 or keywordid = 2471)
> and StaArtK.nativeid not in (select articleid from #temptable)
>
> update t set t.ArticleID = st.nativeid from #TempTable t join
> speedindexes.dbo."pub_articles-keywords_static" st on t.articleid =
> st.articleid where st.keywordid = 1060 and t.articleid <> st.nativeid
> delete #tempTable where pk not in (select Max(pk) from #tempTable group by
> articleid)
>
> DELETE #TempTable WHERE (Link <> 0 AND Link IN (SELECT ArticleID FROM
> #TempTable))
> --Remove Links that have 'cousin links' in the result set
> --OR (ArticleID NOT IN
> --(SELECT TOP 1 ArticleID
> --FROM #TempTable
> -- GROUP BY Link, ArticleID
> --HAVING COUNT(Link) > 1) AND Link <> 0)
>
> declare @.resultcount int
> set @.resultcount = (select count(*) from #TempTable)
>
> declare @.sql nvarchar(500)
> set @.sql = 'delete #TempTable where articleid not in (SELECT top ' +
> @.quantity + ' articleid FROM #TempTable where pk not in (select top ' +
> @.start + ' pk from #TempTable order by ' + @.sort + ' , pk) ORDER BY ' + @.sort
> + ', pk) '
> EXEC sp_executesql @.sql
> SELECT t.priority, a.ArticleID,
> isnull(dbo.SF_PUB_GetAuthorByline(a.articleid),"") toptext,
> dbo.SF_Pub_GetArticlePath (a.articleid,@.YahooRoot) path, t.created,
> COALESCE (A.Title2, A2.Title2, A.Title1, A2.Title1) Title ,
> COALESCE(a.subtitle, a2.subtitle,'') subtitle,
> isnull(dbo.SF_PUB_GetInhKeywordID(a.articleid, 6913),0) DocType,
> COALESCE(A.Synopsis0, A2.Synopsis0, A.Synopsis1, A2.Synopsis1,
> A.Synopsis2, A2.Synopsis2, A.body, A2.Body, '') AS Synopsis
> FROM #TempTable t
> join pub_articles a on t.articleid = a.articleid left join
> pub_articles a2 on a.link = a2.articleid
> order by
> case when @.sort = 'priority' or @.sort = 'priority,created' then
> t.priority else '' end,
> case when @.sort = 'created' or @.sort = 'priority,created' then
> a.posteddate1 elsAgent message code 20046. Cannot use empty object or column
> names. Use a single space if necessary.
> [12/20/2005 4:44:00 PM]SERVER1.distribution: {call
> sp_MSadd_distribution_history(7, 6, ?, ?, 0, 0, 0.00, 0x01, 1, ?, 20, 0x01,
> 0x01)}
> Adding alert to msdb..sysreplicationalerts: ErrorId = 21,
> Transaction Seqno = 000275890000022200b100000001, Command ID = 20
> Message: Replication-Replication Distribution Subsystem: agent
> SERVER1-Keyword DB-SERVER2-7 failed. Cannot use empty object or column names.
> Use a single space if necessary.[12/20/2005 4:44:00 PM]SERVER1.distribution:
> {call sp_MSadd_repl_alert(3, 7, 21, 14151, ?, 20, N'SERVER1', N'Keyword DB',
> N'SERVER2', N'Keyword DB', ?)}
> ErrorId = 21, SourceTypeId = 5
> ErrorCode = '1038'
> ErrorText = 'Cannot use empty object or column names. Use a single space if
> necessary.'
> [12/20/2005 4:44:00 PM]SERVER1.distribution: {call sp_MSadd_repl_error(21,
> 0, 5, ?, N'1038', ?)}
> Category:SQLSERVER
> Source: SERVER2
> Number: 1038
> Message: Cannot use empty object or column names. Use a single space if
> necessary.
> [12/20/2005 4:44:00 PM]SERVER2.Keyword DB: exec dbo.sp_MSupdatelastsyncinfo
> N'SERVER1',N'Keyword DB', N'', 0, 6, N'Cannot use empty object or column
> names. Use a single space if necessary.'
> Disconnecting from Subscriber 'SERVER2'
> Disconnecting from Distributor 'SERVER1'
> Disconnecting from Distributor History 'SERVER1'
> Thanks,
> - Moshe
Sunday, February 26, 2012
error_number() won't return error code
hi all,
i have sql statement in ExecuteSQLTask, connecting to AdventureWorks
BEGIN TRY
insert into person.contacts(contactid) values (1);
END TRY
BEGIN CATCH
SELECT ERROR_NUMBER() AS ErrorNumber;
END CATCH;
i purposely put a table that does not exist in the database to catch
the error. however, the error number that is 208 won't appear, instead
the whole error message will be displayed.
if i change the query in try block to
insert into person.contact(contactid) values (1);
it'll return the error number 544, which is correct.
what did i do wrong?
thanks!
You did nothing wrong.
Try/Catch doesn't catch all errors, specifically compile time errors (there are a few others). Try running the following, "more obvious" compile time error. This compile time error won't be caught either, since the execution of the statements never happens.
BEGIN TRY
PRINT 'Inside Try-Block'
'This is not sql'
END TRY
BEGIN CATCH
SELECT error_number() as 'Error In Try Block'
END CATCH
|||thanks jaegd for your reply.. it didn't say in BOL that try/catch doesn't catch all errors or maybe i left that out.
anyhow, my problem is not solved. is there an alternative where i can catch any errors that occur?
|||See the following BOL reference for the constructs which Try/Catch does not trap.http://msdn2.microsoft.com/en-us/library/ms175976.aspx
However, To catch almost every error (including compile time and deferred name resolution errors), you can use dynamic SQL in combination with sp_executesql.
BEGIN TRY
DECLARE @.not_sql NVARCHAR(100)
SET @.not_sql = 'This is not sql'
EXEC sp_executesql @.not_sql
END TRY
BEGIN CATCH
SELECT ERROR_NUMBER() AS ErrorNumber
END CATCH
Note that almost every error is caught with this method, because broken client connections are not
trapped, hopefully for relatively obvious reasons (you have no
connection).|||thanks a lot jaegd
Error:SqlConnection does not support parallel transactions"
This is my code in vb.net with Sql transaction
I am using insertcommand and update command for executing the sqlquery
in consecutive transactions as follows.
How can I achive parallel transactions in sql
------start of code-------
try
bID = Convert.ToInt32(Session("batchID"))
strSQL = ""
strSQL = "Insert into sessiondelayed (batchid,ActualEndDate) values (" & bID & ",'" & Format(d1, "MM/dd/yyyy") & "')"
sqlCon = New System.Data.SqlClient.SqlConnection(ConfigurationSettings.AppSettings("conString"))
Dim s1 As String = sqlCon.ConnectionString.ToString
sqlDaEndDate = New System.Data.SqlClient.SqlDataAdapter("Select * from sessiondelayed", sqlCon)
dsEndDate = New DataSet
sqlDaEndDate.Fill(dsEndDate)
dbcommandBuilder = New SqlClient.SqlCommandBuilder(sqlDaEndDate)
'sqlCon.BeginTransaction()
'sqlDaEndDate.InsertCommand.Transaction = tr
If sqlCon.State = ConnectionState.Closed Then
sqlCon.Open()
End If
sqlDaEndDate.InsertCommand = sqlCon.CreateCommand()
tr = sqlCon.BeginTransaction(IsolationLevel.ReadCommitted)
sqlDaEndDate.InsertCommand.Connection = sqlCon
sqlDaEndDate.InsertCommand.Transaction = tr
sqlDaEndDate.InsertCommand.CommandText = strSQL
sqlDaEndDate.InsertCommand.CommandType = CommandType.Text
sqlDaEndDate.InsertCommand.ExecuteNonQuery()
tr.Commit()
sqlDaEndDate.Update(dsEndDate)
sqlCon.Close()
End If
Catch es As Exception
Dim s2 As String = es.Message
If sqlCon.State = ConnectionState.Closed Then
sqlCon.Open()
End If
strSQL = " update SessionDelayed set ActualEndDate= '" & Format(d1, "MM/dd/yyyy") & "' where batchid=" & bID & ""
sqlDaEndDate.UpdateCommand = sqlCon.CreateCommand()
tr1 = sqlCon.BeginTransaction(IsolationLevel.ReadCommitted)
sqlDaEndDate.UpdateCommand.Connection = sqlCon
sqlDaEndDate.UpdateCommand.Transaction = tr1
sqlDaEndDate.UpdateCommand.CommandText = strSQL
sqlDaEndDate.UpdateCommand.CommandType = CommandType.Text
sqlDaEndDate.UpdateCommand.ExecuteNonQuery()
tr1.Commit()
sqlDaEndDate.Update(dsEndDate)
sqlCon.Close()
End Try
'----End------
You can't since connection is basically tied to a transaction and there can be one at a time.
You either:
- use the same connection and share the same transaction
- use separate connections and therefore separate transactions
If you use v2.0 TransactionScope class might help your task.
Error:Procedure or function CatalogJSummary has too many arguments specified
hello, all
I am using a Stored procedure and calling this in my code in C#.
Here is my procedure:
CatalogJSummary
(
@.SeriesId INT
)
AS
SELECT Games.GameName, Games.Id AS GameId
FROM GameCodes INNER JOIN
Games ON GameCodes.GameId = Games.Id INNER JOIN
MobileSeries ON GameCodes.SeriesId = MobileSeries.Id INNER JOIN
Mobiles ON MobileSeries.Id = Mobiles.SeriesId
GROUP BY Games.GameName, Games.Id, MobileSeries.Id
HAVING (MobileSeries.Id = @.SeriesId)
RETURN
and here is the calling C# code::
public DataSet CatalogJSummary(int sid)
{
SqlConnection cnUnique=new SqlConnection();
cnUnique.ConnectionString=System.Configuration.ConfigurationSettings.AppSettings["jconnection"];
//con.ConnectionString=System.Configuration.ConfigurationSettings.AppSettings["jconnection"];
com.CommandText="CatalogJSummary";
com.CommandType=CommandType.StoredProcedure;
com.Parameters.Add("@.SeriesId",SqlDbType.Int);
com.Parameters["@.SeriesId"].Value=sid;
com.Connection=cnUnique;
// con.Open();
cnUnique.Open();
adp=new SqlDataAdapter();
adp.SelectCommand=com;
DataSet ds1=new DataSet();
adp.Fill(ds1);
cnUnique.Close();
return ds1;
}
but when this code execute,with the parameter passed to stored procedure using this code at runtime, i get the following error::
Procedure or function CatalogJSummary has too many arguments specified.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Procedure or function CatalogJSummary has too many arguments specified.
Source Error:
Line 243:adp.SelectCommand=com; Line 244:DataSet ds1=new DataSet(); Line 245:adp.Fill(ds1); Line 246:cnUnique.Close(); Line 247:return ds1;
Source File: c:\inetpub\wwwroot\mobmasti.catalog\classes\truetonescls.cs Line: 245
Anyone please help me to resolve this error
thanks in advance
There are many options you can try:
1. From SQL Server books online:
If the first three characters of the procedure name are sp_, SQL Server
searches the master database for the procedure. If no qualified procedure name is provided, SQL Server searches for the procedure as if the owner name is dbo. To resolve the stored procedure name as a user-defined stored procedure with the same name as a system stored procedure, provide the fully qualified procedure name.
2. Make sure the field names between your calls and the procedure are the same
3. Make sure you attached the database with the user it was intended to be used with. Otherwise you may not have sufficient rights and this message will show up.
Wednesday, February 15, 2012
Error: SQL Server does not exist or access denied. (Error code 17).
Hello everyone.
I am trying to install Project Server, and i'm having issues with sharepoint, and connecting to SQL:
dataserver is running sbs2003 sql2003 and analsys services.
server2 is running server2003 is to be the application server for project.
ProjectDb is the database that i have setup in sql.
username is the account that can control everything as administrer.
in Sharepoint is asks for the database server: <<dataserver>>
SQL Server database name: <<ProjectDb>>
I'm using windoes authentication and then i click ok, and get the error message.
I've also see the error message can not find the SQL Server, and access denied. Under ODBC i have installed the sql server information under System DSN.
Any help would be great.
Thanks
Everett Buel
Start by confirming that SQL Server is running and that you can access it directly. I take it this is SQL Server 2000, so you should have Query Analyzer installed and you can use it to try to connect to your database. Also (more basic) check to confirm that the SQL Server service is started.|||SQL is running I have the Query Analyzer installed. All services are started. I can access the Sql Server from my desktop so i know that part is working.
But when I try to start up the data connection of the sharepoint services on the server running server 2003 i still get the error message.
Data services are all running on both servers.
Thanks for your reply
Everett Buel
|||It would be nice if you two finished this thread. I can't tell you how many times I've gone searching the MS web site for resolution of error messages only to find this type of non-solution. If this is all you can do then why don't you delete the useless thread.
Bryce
Error: SQL Server does not exist or access denied. (Error code 17).
Hello everyone.
I am trying to install Project Server, and i'm having issues with sharepoint, and connecting to SQL:
dataserver is running sbs2003 sql2003 and analsys services.
server2 is running server2003 is to be the application server for project.
ProjectDb is the database that i have setup in sql.
username is the account that can control everything as administrer.
in Sharepoint is asks for the database server: <<dataserver>>
SQL Server database name: <<ProjectDb>>
I'm using windoes authentication and then i click ok, and get the error message.
I've also see the error message can not find the SQL Server, and access denied. Under ODBC i have installed the sql server information under System DSN.
Any help would be great.
Thanks
Everett Buel
Start by confirming that SQL Server is running and that you can access it directly. I take it this is SQL Server 2000, so you should have Query Analyzer installed and you can use it to try to connect to your database. Also (more basic) check to confirm that the SQL Server service is started.|||SQL is running I have the Query Analyzer installed. All services are started. I can access the Sql Server from my desktop so i know that part is working.
But when I try to start up the data connection of the sharepoint services on the server running server 2003 i still get the error message.
Data services are all running on both servers.
Thanks for your reply
Everett Buel
|||
It would be nice if you two finished this thread. I can't tell you how many times I've gone searching the MS web site for resolution of error messages only to find this type of non-solution. If this is all you can do then why don't you delete the useless thread.
Bryce
Subscribe to:
Posts (Atom)