| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 77107 | 2007-02-27 01:08:00 | sql query woes | eldarcolonel (7392) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 528450 | 2007-02-27 01:08:00 | I'm confused. We'll, not confused, just plain old stumped. I need to order an sql query by two fields, hence my query: "SELECT * FROM CurrentJobs WHERE TransInvoiceCheck = TRUE AND CustBusinessName = '" & Request.QueryString("custBusinessName") & "' ORDER BY TransDate ASC, TransCustomerConsignment ASC" The problem is this. It doesn't sort by the second field. I checked it over, it seems fine. I tried building a query in the database (it's an access 2000 db by the way), and still nothing. I tried building it in vbdeveloper, still the same result. Any body ever encountered this before? Any help would be greatly appreciated. Thanks |
eldarcolonel (7392) | ||
| 528451 | 2007-02-27 03:52:00 | I'm confused. We'll, not confused, just plain old stumped. I need to order an sql query by two fields, hence my query: "SELECT * FROM CurrentJobs WHERE TransInvoiceCheck = TRUE AND CustBusinessName = '" & Request.QueryString("custBusinessName") & "' ORDER BY TransDate ASC, TransCustomerConsignment ASC" The problem is this. It doesn't sort by the second field. I checked it over, it seems fine. I tried building a query in the database (it's an access 2000 db by the way), and still nothing. I tried building it in vbdeveloper, still the same result. Any body ever encountered this before? Any help would be greatly appreciated. Thanks should work. It will order first by TransDate from earliest date to latest date, then by TransCustomerConsi1/1/2002 123457 gment by smallest value to largest i.e. ...1/1/2002 123456 1/1/2002 123458 etc. |
Cicero (40) | ||
| 528452 | 2007-02-27 04:18:00 | It took me a moment to see what you were doing there. For others looking, this is not a SQL query by itself but is a Visual Basic expression to generate a query. Firstly, READ ABOUT SQL INJECTION ATTACKS! I believe from the Request.QueryString() this is a web-based data access system? As it stands, that query could be used by an attacker to gain complete access to your database. All they have to do is maliciously construct a parameter and your site is toast (or worse, your customer data is leaked). Even if this is only on an intranet, code like this should never be used in a live application. I'm afraid I'm not sure why the sort doesn't work on the two columns. This may be a fundamental limitation of the Jet engine (the database engine for Access). If Jet is too limiting you may like to consider using a better engine such as Sqlite or better still a full database server package (MS SQL Server, MySQL, PostgreSQL, etc). MSDN help says you can get more details from the Office assistant by searching for "ORDER BY" - you may like to look there. |
TGoddard (7263) | ||
| 528453 | 2007-02-27 05:58:00 | Thank you very much for your help. I think it is a limitation of the database system. The query is on a very secure intranet. But I will be changing to safer methods very soon (as soon as emergency updates are complete :)). The message stands though, this type of query is very unsafe and there are faster and safer methods. | eldarcolonel (7392) | ||
| 1 | |||||