Author |
Topic |
ntn104
Posting Yak Master
175 Posts |
Posted - 2011-06-29 : 17:37:41
I am using a SQL statement to display data in a web view. I have to display data for different years. First I want the web page to come up with the current year's data, and I will have a form at the bottom available for the user to enter an account number and year to display a different year. I am thinking of using tilde (~~) to find the year in the clause of the SQL statement, but it does not work. For example:

sID = request.item("acccountid")
sYear = request.item("year")

select acccountid, income, year
from table
where accountid=sID and year= sYear (or and year='~~~~')

Thanks,
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2011-06-29 : 17:43:10
|
Use stored procedures to avoid dynamic SQL and SQL injection. Do you want to walk the same path as Sony?
Then pass the two variables sID and sYear as parameters to the stored procedure.

N 56°04'39.26"
E 12°55'05.63"
ntn104
Posting Yak Master
175 Posts |
Posted - 2011-06-29 : 17:48:26
|
Sorry, can you give me an example of a stored procedure? I am not sure what your question about the same path as Sony means.
Thanks,

quote: Originally posted by Peso
Use stored procedures to avoid dynamic SQL and SQL injection. Do you want to walk the same path as Sony?
Then pass the two variables sID and sYear as parameters to the stored procedure.
N 56°04'39.26"
E 12°55'05.63"
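A stored procedure of the kind suggested in the reply above, as an added example that is not part of the original thread. It takes the account and year as typed parameters and falls back to the current year when no year is supplied, which covers the first page load described in the question. The procedure name, the table name dbo.AccountIncome and the column types are assumptions; the column names come from the question.

```sql
-- Added example. dbo.AccountIncome, dbo.GetAccountIncome and the int/smallint
-- types are assumptions; accountid, income and year are the question's columns.
CREATE PROCEDURE dbo.GetAccountIncome
    @AccountID int,
    @Year      smallint = NULL      -- NULL means "use the current year"
AS
BEGIN
    SET NOCOUNT ON;

    -- The parameters are bound as values. Nothing the user typed is ever
    -- spliced into the statement text, so input cannot change the query shape.
    SELECT accountid, income, [year]
    FROM   dbo.AccountIncome
    WHERE  accountid = @AccountID
      AND  [year]    = COALESCE(@Year, YEAR(GETDATE()));
END;
GO

-- First page load: no year entered, so the current year is returned.
EXEC dbo.GetAccountIncome @AccountID = 1001;          -- 1001 is a constructed sample value

-- Form submitted with a year.
EXEC dbo.GetAccountIncome @AccountID = 1001, @Year = 2010;

-- Input that is not a year is rejected by the parameter's type
-- (conversion error) instead of being executed as part of the query.
EXEC dbo.GetAccountIncome @AccountID = 1001, @Year = '2010 OR 1=1';
```

The web page has to call the procedure through a command object with bound parameters; building an `EXEC ...` string by concatenating sID and sYear would reintroduce the dynamic SQL the procedure is meant to remove.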