query in ASP to SQL db

Discussion in 'ASP General' started by amatuer, Oct 18, 2006.

  1. amatuer

    amatuer Guest

    <% Datum = "1/1/2005"
    Datum = cdate(datum)
    Datum2 = datum + 9


    Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
    Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)

    sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
    SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
    AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
    & ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>

    I am trying to query some data according to dates...No matter how I
    change the format of the date variables, my recordset still returns no
    data.

    Any ideas, suggestions please. Any help will be greatly appreciated. Thanks
    amatuer, Oct 18, 2006
    #1
  2. Tell us what kind of database you're using; that's quite important.

    Ray at work

    "amatuer" <> wrote in message
    news:...
    > <% Datum = "1/1/2005"
    > Datum = cdate(datum)
    > Datum2 = datum + 9
    >
    >
    > Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
    > Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
    >
    > sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    > R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
    > SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
    > AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
    > & ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    > R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>
    >
    > I am trying to query some data according to dates...No matter how I
    > change the format of the date variables, my recordset still returns no
    > data.
    >
    > Any ideas, suggestions please. Any help will be greatly appreciated. Thanks
    >
    Ray Costanzo [MVP], Oct 18, 2006
    #2
  3. amatuer wrote:
    > <% Datum = "1/1/2005"
    > Datum = cdate(datum)
    > Datum2 = datum + 9
    >
    >
    > Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
    > Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
    >
    > sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    > R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
    > SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
    > AND (R_Reenval.Datum Between " & cdate(Datum) & " And " &
    > cdate(Datum2) & ") Group By R_Reenval.NAAM, R_Reenval.Jaar,
    > R_Reenval.Maand, R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar,
    > Maand, Dag" %>
    >
    > I am trying to query some data according to dates...No matter how I
    > change the format of the date variables, my recordset still returns no
    > data.
    >

    If, by "SQL db" you mean MS SQL Server, then:

    Your use of dynamic SQL is leaving you vulnerable to hackers using SQL
    injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    See here for a better, more secure way to execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures:
    http://tinyurl.com/jyy0


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Oct 18, 2006
    #3
  4. amatuer wrote on 18 Oct 2006 02:58:03 -0700:

    > <% Datum = "1/1/2005"
    > Datum = cdate(datum)
    > Datum2 = datum + 9
    >
    > Datum = Month(Datum) & "-" & Day(Datum) & "-" & Year(Datum)
    > Datum2 = Month(Datum2) & "-" & Day(Datum2) & "-" & Year(Datum2)
    >
    > sql = "SELECT R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    > R_Reenval.Dag, R_Reenval.Reenval_Silo, Sum(Reenval_Silo) AS
    > SumOfReenval_Silo FROM R_Reenval WHERE ((R_Reenval.NAAM)='klerksdorp')
    > AND (R_Reenval.Datum Between " & cdate(Datum) & " And " & cdate(Datum2)
    > & ") Group By R_Reenval.NAAM, R_Reenval.Jaar, R_Reenval.Maand,
    > R_Reenval.Dag, R_Reenval.Reenval_Silo ORDER BY Jaar, Maand, Dag" %>
    >
    > I am trying to query some data according to dates...No matter how I
    > change the format of the date variables, my recordset still returns no
    > data.
    >
    > Any ideas, suggestions please. Any help will be greatly appreciated. Thanks


    Don't use MM-DD-YYYY format for a start, it's ambiguous (depending on the
    region settings, the day or month number could be switched). And don't
    reconvert the dates back to VB date format using CDate in the query
    construction. If you insist on not using a stored procedure then use an
    unambiguous date format such as YYYYMMDD.

    Dan
    Daniel Crichton, Oct 18, 2006
    #4
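
Added example, not code from any poster in this thread: the original query rewritten with ADO parameter markers, which covers both the SQL injection point in reply #3 and the date-format point in reply #4, because the dates travel to the server as typed values instead of text. It assumes MS SQL Server; the connection string, the parameter names and the varchar size of 50 are placeholders.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adDBTimeStamp = 135

Dim connString, conn, cmd, rs, startDate, endDate
' Placeholder connection string: replace server and database names.
connString = "Provider=SQLOLEDB;Data Source=YOUR_SERVER;" & _
             "Initial Catalog=YOUR_DB;Integrated Security=SSPI;"

' Build real Date values; DateSerial avoids locale-dependent string parsing.
startDate = DateSerial(2005, 1, 1)
endDate = DateAdd("d", 9, startDate)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connString

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Each ? is bound in order below; no value is concatenated into the SQL text.
cmd.CommandText = _
    "SELECT NAAM, Jaar, Maand, Dag, Reenval_Silo, " & _
    "SUM(Reenval_Silo) AS SumOfReenval_Silo " & _
    "FROM R_Reenval " & _
    "WHERE NAAM = ? AND Datum BETWEEN ? AND ? " & _
    "GROUP BY NAAM, Jaar, Maand, Dag, Reenval_Silo " & _
    "ORDER BY Jaar, Maand, Dag"

' Parameter names are illustrative; with ? markers only the order matters.
cmd.Parameters.Append cmd.CreateParameter("@naam", adVarChar, adParamInput, 50, "klerksdorp")
cmd.Parameters.Append cmd.CreateParameter("@van", adDBTimeStamp, adParamInput, , startDate)
cmd.Parameters.Append cmd.CreateParameter("@tot", adDBTimeStamp, adParamInput, , endDate)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("NAAM") & " " & rs("Jaar") & "-" & _
        rs("Maand") & "-" & rs("Dag") & ": " & rs("SumOfReenval_Silo")) & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```

If the station name later comes from `Request.QueryString` or a form field, pass it as the value of the first parameter unchanged; the query text stays constant.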