tags:

views:

56

answers:

2
+4  Q: 

SQL Server: get top xx blog record from Umbraco by parameter...

Following SQL get what I need:

 SELECT TOP (50) [nodeId] 
 FROM [dbo].[cmsContentXml] 
 WHERE [xml] like '%creatorID="29"%'    
   AND [xml] like '%nodeType="1086"%' 
 ORDER BY [nodeId] DESC

I need to pass in the numbers as parameters, so I have follows:

exec sp_executesql N'SELECT TOP (@max) [nodeId] FROM [dbo].[cmsContentXml] WHERE [xml] like ''%creatorID="@creatorID"%''    AND [xml] like ''%nodeType="@nodeType"%'' ORDER BY [nodeId] DESC',N'@max int,@creatorID int,@nodeType int',@max=50,@creatorID=29,@nodeType=1086

which however, returns no record, any idea?

+5  A: 

Try amending your SQL statement so that you are building the statement by adding the parameters as you are sending them as part of the statement e.g.

'SELECT TOP ' + @max + ' [nodeId] '.....
Ardman  2010-05-26 10:23:45
this works, however what is the difference, parameter and string concat?
ccppjava  2010-05-26 10:25:51
You are adding a parameter as part of a string concatenation. A parameter is used for Stored Procedures, and in your example, you are using String concatenation.
Ardman  2010-05-26 10:36:03
WARNING: using the string building approach is vulnerable to SQL Injection attacks. See: http://msdn.microsoft.com/en-us/library/ms161953.aspx
Daniel Renshaw  2010-05-26 10:36:22
I cannot find other ways around, but I know it is only used in a internal function, which all three paramters are System.Int32, so kind of safe.
ccppjava  2010-05-26 10:39:21
You could create a Stored Procedure and pass in the Parameters.
Ardman  2010-05-26 10:50:42
A: 

The problem is because of the way you are trying to use the parameters in the LIKE clauses.

i.e. the values of @creatorID and @nodeType are not actually being used in the LIKE conditions - you're actually searching for xml where (e.g.) it's LITERALLY like '%creatorID="@creatorID"'

You'd need to make sure your query does not come out as:

SELECT TOP (@max) [nodeId] 
FROM [dbo].[cmsContentXml] 
WHERE [xml] like '%creatorID="@creatorID"%'
    AND [xml] like '%nodeType="@nodeType"%' 
ORDER BY [nodeId] DESC

But instead:

SELECT TOP (@max) [nodeId] 
FROM [dbo].[cmsContentXml] 
WHERE [xml] like '%creatorID="' + CAST(@creatorID AS VARCHAR(50)) + '"%'
    AND [xml] like '%nodeType="' + CAST(@nodeType AS VARCHAR(50)) + '"%' 
ORDER BY [nodeId] DESC

So something like:

DECLARE @SQL NVARCHAR(1000)
SET @SQL = '
    SELECT TOP (@max) [nodeId] 
    FROM [dbo].[cmsContentXml] 
    WHERE [xml] like ''%creatorID="'' + CAST(@creatorID AS VARCHAR(50)) + ''"%''    
       AND [xml] like ''%nodeType="'' + CAST(@nodeType AS VARCHAR(50)) + ''"%'' 
    ORDER BY [nodeId] DESC'

exec sp_executesql @SQL,
    N'@max int,@creatorID int,@nodeType int',
    @max=50,@creatorID=29,@nodeType=1086
AdaTheDev  2010-05-26 10:39:05

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?