Writing dyanmic SQL in an ASP page

By Bill Graziano on 29 July 2000 | Tags: Queries

Alejandro writes "Please help me, I can't write the syntax for something like this: search?cat1=America&cat2=EEUU . . . "

I can't write the syntax for something like this:

search?cat1=America&cat2=EEUU

I have this:

MySQL = "SELECT * FROM MiTable WHERE cat1='" & Request.QueryString("cat1") & cat2='" & Request.QueryString("cat2") "'"

Alejandro,

I always try to start with the results when I'm writing dynamic SQL in an ASP page. I'm guessing you want to end up with something like this:


Select *
From   MiTable
Where  cat1 = 'America'
and    cat2 = 'EEUU'

I also try to simplify my code so that it's easier to read. When I'm building complex strings (like SQL statements) it really help to break it into multiple lines that each append to the string. Your code might look something like this:


MySQL = "SELECT * FROM MiTable "
MySQL = MySQL & " Where cat1='" & Request.QueryString("cat1") & "'"
MySQL = MySQL & " and cat2='" & Request.QueryString("cat2") & "'"

Remeber that SQL Server likes single quotes around character constants (strings) and not double quotes. Also remember to leave spaces between SQL keywords if you use this approach.

I would also be careful using Select *. This will bring back every column in a table or view. If tables change over time you might be returning values you don't need. I'd suggest you list the specific fields you want in your Select statement.