sql server - Select IN using varchar string with comma delimited values -

-

i trying search several tables list of phones.

the problem converting single string valid comma delimited string use in conjunction in clause.

i tried using replace fix problem.

declare @phonenumber varchar(3000)  set @phonenumber = '6725556666,2124444444' set @phonenumber = '''' + @phonenumber + ''''  select @phonenumber '6725556666','2124444444'

finally sample sql not recognize string expected:

select  provider         ,phonenumber               ,changetype         ,changedate  dbo.phonelog phonenumber in (@phonenumber)

there several ways handle this. 1 option use dynamic sql , inject phone number string variable containing statement , executing this:

declare @phonenumber varchar(3000)  set @phonenumber = '6725556666,2124444444' declare @sql nvarchar(max) set @sql = n'     select provider, phonenumber, changetype, changedate      dbo.phonelog     phonenumber in (' + @phonenumber + ')' exec sp_executesql @sql

please note approach can vulnerable sql injection attacks, instance feeding string 

set @phonenumber = '1);truncate table phonelog;--'

would empty table. using dynamic sql approach above should option if it's string fed in injected sanitized , safe (or maybe should never used).

another, possibly better, option use user defined function split phonenumber variable , use this:

select provider, phonenumber, changetype, changedate  dbo.phonelog phonenumber in (     select splitdata dbo.fnsplitstring(@phonenumber,',')     -- add check here data returned function      -- indeed numeric , valid     -- isnumeric(splitdata) = 1     )

here's function used in example:

create function [dbo].[fnsplitstring]        (            @string nvarchar(max),            @delimiter char(1)        )        returns @output table(splitdata nvarchar(max)        )        begin            declare @start int, @end int            select @start = 1, @end = charindex(@delimiter, @string)            while @start < len(@string) + 1 begin                if @end = 0                     set @end = len(@string) + 1                insert @output (splitdata)                 values(substring(@string, @start, @end - @start))                set @start = @end + 1                set @end = charindex(@delimiter, @string, @start)            end            return        end

i did not write function, think got somewhere on internet...


Comments

Post a Comment

Popular posts from this blog

java - Oracle EBS .ClassNotFoundException: oracle.apps.fnd.formsClient.FormsLauncher.class ERROR -

-
i need in configuring java on machine because, when try loading forms, loader goes in circles , gives error: java.lang.classnotfoundexception: oracle.apps.fnd.formsclient.formslauncher.class @ sun.plugin2.applet.applet2classloader.findclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass0(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass(unknown source) @ java.lang.classloader.loadclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadcode(unknown source) @ sun.plugin2.applet.plugin2manager.createapplet(unknown source) @ sun.plugin2.applet.plugin2manager$appletexecutionrunnable.run (unknown source) @ java.lang.thread.run(unknown source) i have tried re-installing firefox, older versions of java runtime environments, disabling proxy. what missing? application working on other machines. i spent around 100 hours finding s...
Read more

c# - how to use buttonedit in devexpress gridcontrol -

-
Image
i trying create gridcontrol buttonedit in 1 of columns. when user clicks button edit, popups form select product. when selection done on popup, returns datarow selection main grid below. but when column loses focus, value wrote column disappear. here code creates gridcontrol's data , buttonedit's click event. private void frmsiparisnew_load(object sender, eventargs e) { dt = new datatable(); dt.columns.add("malzeme_kodu",typeof(string)); dt.columns.add("malzeme_aciklama", typeof(string)); dt.columns.add("adet", typeof(decimal)); dt.columns.add("birim", typeof(string)); dt.columns.add("fiyat", typeof(decimal)); dt.columns.add("kur", typeof(string)); dt.columns.add("tutar", typeof(decimal)); datarow dr = dt.newrow(); dt.rows.add(dr); gc.datasource = dt; } private void repositoryitembuttoneditmal...
Read more

How do you convert a timestamp into a datetime in python with the correct timezone? -

-
you naively expect work: import pytz datetime import datetime def tz_datetime_from_timestamp(timestamp): """convert timestamp datetime """ tz = pytz.timezone('australia/perth') server_time = datetime.utcnow() delta = tz.utcoffset(server_time) value = datetime.utcfromtimestamp(timestamp).replace(tzinfo=tz) return value + delta print tz_datetime_from_timestamp(1416387060) and convert timestamp 1416387060 wed nov 19 16:51:00 2014 gmt+8:00. ...but not. prints: 2014-11-19 16:51:00+07:43 the timezone of australia/perth not gmt+7:43. it gmt+8:00. unequivocally stated on australian government website http://www.australia.gov.au/about-australia/our-country/time : awst equal coordinated universal time plus 8 hours (utc +8). so, heck pytz pulling 7.43 from? well, turns out pytz pulls data http://www.iana.org/time-zones time zone database, , database states: # western australia # # rule name type in on @...
Read more