Brand New to MS SQL

Posts: 1 · Posted: Tue Oct 05, 2004 8:29 pm

Need to get up to speed FAST on MS SQL as new project dictates using this db. Only other db experiance has been in Access and a little MySQL. I would like to get some reference materials (titles of books, URLs, etc.) - but not too heavy on the technical side though. Just enough to get me started and load the db to the host server with minimal difficulty. I can tackle the heavy stuff afterwards.

I appreciate the assist! Thanks.

Posts: 101 · Posted: Wed Oct 06, 2004 1:50 pm

A good reference book that I've used is Sams Teach yourself SQL in 10 minutes. It explains things in a short and succinct way. This was written by Ben Forta and I use his Cold Fusion books all the time.

Posts: 1031 · Posted: Wed Oct 06, 2004 4:36 pm

Also, if you can find them, WROX Press books are REALLY good. And if you're looking for some REALLY QUICK answers online, you can goto http://www.w3schools.com/sql/default.asp... that saved me a few times, and to date still does. It hits the basics of the syntax with no good explanations, but it does the trick.

Posts: 84 · Posted: Wed Oct 06, 2004 7:54 pm

I have found that http://www.techonthenet.com/sql/index.htm is pretty helpful for basic SQL stuff. We have some instructions for connecting to Enterprise Manager on our support pages at http://www.hostmysite.com/support/sql/enterprise-manager/

One thing I learned today in SQL is that if you are running a query that has a where clause, like Select .... where field = <flag>
that if you surround the flag in " " you will get an error. You need to surround it in ' '

Posts: 1031 · Posted: Wed Oct 06, 2004 8:21 pm

Cheryl, you are correct. Im not sure if tsp1 is using ASP.NET, but if so theres a wonderful bit of code that eliminates the need to worry about properly delimiting the query or command.

You can alleviate this by using a Parameterized Command like so:

BAD CODE

Code:

dim Conn as New SQLConnection(ConnString)
dim strSQL as string = "SELECT This, That, TheOther " & _
"FROM Table " & _
"WHERE This='" & txtBox.Text & "' AND That=" & Cstr(integer_value) & " AND TheOther=" & Cstr(drpTheOther.SelectedItem.Value) & " " & _
"ORDER BY This DESC"

dim C as New SQLCommand(strSQL, Conn)
dim DR as SQLDataReader

Conn.Open()

'write out or bind data here

Conn.Close()

GOOD CODE

Code:

dim Conn as New SQLConnection(ConnString)
dim strSQL as string = "SELECT This, That, TheOther " & _
"FROM Table " & _
"WHERE This=@This AND That=@That AND TheOther=@TO " & _
"ORDER BY This DESC"

dim C as New SQLCommand(strSQL, Conn)
dim DR as SQLDataReader

'Add Parameters here... great stuff ;)
With C.Parameters
.Add(New SQLParameter("@This", txtBox.Text))
.Add(New SQLParameter("@That", integer_value))
.Add(New SQLParameter("@TO", drpTheOther.SelectedItem.Value))
End With

Conn.Open()

Try

'write out or bind data here

Catch Exc as Exception
response.write(Exc.ToString().Replace(Environment.NewLine(), "<br />"))
End Try

Conn.Close()

The Parameters take care of all conversions, delimiters, and anything else that could get in the way of a successful execution of the command/query.

Also notice the use of the Try... Catch block... Great stuff so that when your code errors out the page finishes processing, but you can see where the errors are popping up also. Wink

And just for kicks, here's how to accomplish this with classic ASP Wink

:

Code:

Option Explicit

dim C, RS, strSQL, sEmpId, sHireDate, sCountry
set C = server.CreateObject("ADODB.Command")
C.ActiveConnection = ConnString

'For simplicity sake, I hardcoded these values.
sEmpId = 1
sHireDate = "1 January 1993"
sCountry = "USA"

strSQL = "SELECT FirstName, LastName, Title " & _
"FROM Employees " & _
" WHERE (EmployeeID > ? AND HireDate > ? AND Country = ?)"

C.CommandText = strSQL
set RS = C.Execute (,Array(sEmpId,sHireDate,sCountry))

Do While NOT RS.EOF
'do stuff w/ data here.
Loop

Notice the use of the ?'s, and then how we added the associated variables using an Array call... great stuff there. Again, adds the delimeters, etc. all by itself. The only important thing to remember is to add the items in the array in the order that they show up in the command. As long as you remember that you'll have no problems.

Posts: 27 · Posted: Fri May 06, 2005 8:01 pm

Even though it's not a good habit to include ' (single quote) in your db, there is still a workaround if you ever need to pull a field having single quote as part of the data. You can prefix it with another single quote. In sql, single quote is the escape character. As in PHP, \ (back slash) is its escape character.