tags:

views:

104

answers:

3
+1  Q: 

procedure in sql server (getting problem )?

hi,

In my application i am implementing search, it is like when user enter text separated with comma in a text box, search result will be displayed. This is my requirement and for this i write a procedure for this it is like this.......

create procedure [dbo].[videos_getSearch](@searchstring AS VARCHAR(1000)) 
AS 
BEGIN  

DECLARE @CurNumber INT, @CommaIndex INT, @strSearch varchar(3000),@str varchar(50) 
declare @strQuery varchar(1000),@result varchar(5000) 
declare @sql varchar(2000) 
DECLARE @CurNumStr VARCHAR(20) 

  set @strSearch = '' 

 WHILE LEN(@searchstring) > 0 
 BEGIN 

     SET @CommaIndex = CHARINDEX(',', @searchstring) 
     IF @CommaIndex = 0 SET @CommaIndex = LEN(@searchstring)+1 
     SET @CurNumStr = SUBSTRING(@searchstring, 1, @CommaIndex-1) 
     SET @searchstring = SUBSTRING(@searchstring, @CommaIndex+1, LEN(@searchstring)) 

    BEGIN 

        set @str = ltrim(rtrim(@CurNumStr)) 
        if LEN(@searchstring)> 0 
          begin 
            set @strSearch = @strSearch + '''%' + @str +'%'''+'or tags like'  
          end 
        else 
          begin 
            set @strSearch = @strSearch + '''%'+ @str +'%''' 
          end 
    END 
 END 



    set @sql='SELECT  phot_album.albumid,phot_album.tags,phot_album.albumtitle,phot_album.coverphoto,trailor_creation.trailorid,trailor_creation.tags,trailor_creation.movie,trailor_creation.images,video_upload.videoid,video_upload.videotitle,video_upload.videofile,video_upload.tags FROM   phot_album   INNER JOIN   trailor_creation ON phot_album.tags = trailor_creation.tags INNER JOIN   video_upload  ON phot_album.tags = video_upload.tags where (phot_album.tags)  like  '+@strSearch  +' or  (trailor_creation.tags)  like '+@strSearch  +' or  (video_upload.tags) like '+@strSearch  
     execute (@sql)

 END

when i run this procedure it is giving error like ambigious 'tags' in this procedure i am joining 3 tables . can u help me

Ambiguous column name 'tags'. Msg 209, Level 16, State 1, Line 1 Ambiguous column name 'tags'. Msg 209, Level 16, State 1, Line 1 Ambiguous column name 'tags'.

+1  A: 

The error is this line:

set @strSearch = @strSearch + '''%' + @str +'%'''+'or tags like'

You need to specify which table for the or tags like

ck  2010-06-30 09:37:56
Mr. ck how can i specify the table name. can you tell me please. thank you for reply
Surya sasidhar  2010-06-30 09:43:11
You need to add the correct table name before hand with a period `.` between, the same as in the select statement.
ck  2010-06-30 10:03:35
Mr.ck if you don't mind can u change the query according to my requirement please it is very urgent. Thank you
Surya sasidhar  2010-06-30 12:19:36
+1  A: 

The problem is this line:

set @strSearch = @strSearch + '''%' + @str +'%'''+'or tags like'

From what I can tell, all of the tables you are joining have a tags column and in this where clause you don't specify what table you are filtering by

Vedran  2010-06-30 09:38:42
Ya Mr. Verdan How can i say tags is this table can u solve this queryThank you for response
Surya sasidhar  2010-06-30 09:42:34
Like ck said above, you'll have to specify the table, but after looking at your query I saw that you're using the same string as the where clause for 3 different tables.(phot_album.tags) like '+ @strSearch +' or (trailor_creation.tags) like '+ @strSearch +' or (video_upload.tags) like '+ @strSearchI'm afraid that in that case you'll have to change something in your query, you won't be able to use it using the same where clause string.On a side note, I don't know if it's just in the post, but it seems you forgot to put @searchstring at the end of @strSearch
Vedran  2010-06-30 10:52:13
Mr. Verdan thanks for response but i am not understand if you don't mind can u modify that query thank you
Surya sasidhar  2010-06-30 11:34:19
I am not that much strong in sql queries.
Surya sasidhar  2010-06-30 11:37:54
+2  A: 

Your current approach using dynamic SQL based on user input is vulnerable to SQL injection. I have altered it so the search terms get put into a table variable that is then joined on. This is safer.

Additionally I'm not sure about the desired semantics. Your dynamic SQL WHERE clause is where (phot_album.tags) like '+@strSearch +' or (trailor_creation.tags) like '+@strSearch +' or (video_upload.tags) like '+@strSearch

but your JOIN clause brings back records joined on tag. In which case the tag value in all of the tables will be the same and it is only necessary to check one of them.

CREATE PROCEDURE [dbo].[videos_getSearch](@searchstring AS VARCHAR(1000)) 
AS 
BEGIN  

DECLARE @CurNumber INT, @CommaIndex INT, @strSearch VARCHAR(3000),@STR VARCHAR(50) 
DECLARE @strQuery VARCHAR(1000),@RESULT VARCHAR(5000) 
DECLARE @SQL VARCHAR(2000) 
DECLARE @CurNumStr VARCHAR(20) 


 WHILE LEN(@searchstring) > 0 
 BEGIN 

     SET @CommaIndex = CHARINDEX(',', @searchstring) 
     IF @CommaIndex = 0 SET @CommaIndex = LEN(@searchstring)+1 
     SET @CurNumStr = SUBSTRING(@searchstring, 1, @CommaIndex-1) 
     SET @searchstring = SUBSTRING(@searchstring, @CommaIndex+1, LEN(@searchstring)) 

     DECLARE @SearchTerms TABLE
     (
     Term VARCHAR(50)
     )

    BEGIN 

        SET @STR = LTRIM(RTRIM(@CurNumStr)) 
       INSERT INTO @SearchTerms VALUES (@STR)
    END 
 END 


SELECT phot_album.albumid        ,
       phot_album.tags           ,
       phot_album.albumtitle     ,
       phot_album.coverphoto     ,
       trailor_creation.trailorid,
       trailor_creation.tags     ,
       trailor_creation.movie    ,
       trailor_creation.images   ,
       video_upload.videoid      ,
       video_upload.videotitle   ,
       video_upload.videofile    ,
       video_upload.tags
FROM   phot_album
       INNER JOIN trailor_creation
       ON     phot_album.tags = trailor_creation.tags
       INNER JOIN video_upload
       ON     phot_album.tags = video_upload.tags
       INNER JOIN @SearchTerms ST
       ON     phot_album.tags LIKE '%' + ST.Term + '%'



 END

Actually I'm going to guess that something like this might be more what you need. Does the tags column in the tables contain a comma delimited list of tags? If so putting this into first normal form will allow this query to be simpler and more efficient.

CREATE PROCEDURE [dbo].[videos_getSearch]
(
@searchstring AS VARCHAR(1000)
)
AS
    BEGIN

        DECLARE @SearchTerms TABLE 
        ( 
        Term VARCHAR(50) 
        )

        DECLARE @CommaIndex INT
        DECLARE @CurNumStr  VARCHAR(20)

        WHILE LEN(@searchstring) > 0
        BEGIN
            SET @CommaIndex   = CHARINDEX(',', @searchstring)

            IF @CommaIndex    = 0
                SET @CommaIndex   = LEN(@searchstring)+1

            SET @CurNumStr    = SUBSTRING(@searchstring, 1, @CommaIndex-1)
            SET @searchstring = SUBSTRING(@searchstring, @CommaIndex+1, LEN(@searchstring))

            BEGIN
                INSERT
                INTO @SearchTerms VALUES
                    ('%' + LTRIM(RTRIM(@CurNumStr)) + '%')
            END
        END


        SELECT 'phot_album'    AS Source   ,
            phot_album.albumid AS entityId ,
            phot_album.tags                ,
            phot_album.albumtitle AS title ,
            phot_album.coverphoto AS image
        FROM phot_album
            INNER JOIN @SearchTerms ST
            ON  phot_album.tags LIKE ST.Term

        UNION ALL

        SELECT 'trailor_creation' AS Source ,
            trailor_creation.trailorid      ,
            trailor_creation.tags           ,
            trailor_creation.movie          ,
            trailor_creation.images
        FROM trailor_creation
            INNER JOIN @SearchTerms ST
            ON  trailor_creation.tags LIKE ST.Term

        UNION ALL

        SELECT 'video_upload' AS Source ,
            video_upload.videoid        ,
            video_upload.tags           ,
            video_upload.videotitle     ,
            video_upload.videofile
        FROM video_upload
            INNER JOIN @SearchTerms ST
            ON  video_upload.tags LIKE ST.Term
    END
Martin Smith  2010-07-03 10:42:33

related questions

SQL Server, convert a named instance to default instance?
Natural (human alpha-numeric) sort in Microsoft SQL 2005
In MS SQL Server 2005, is there a way to export, the complete maintenance plan of a database as a SQL Script?
Does ReadUncommitted imply NoLock
Query to list all tables that contain a specific column with SQL Server 2005.
Can I maintain state between calls to a SQL Server UDF?
What are the benefits of using partitions with the Enterprise edition of SQL 2005
Upgrading Sharepoint 3.0 to SQL 2005 Backend?
What's the simplest way to execute a query in Visual C++
Can you perform an AND search of keywords using FREETEXT() on SQL Server 2005?
Create a database from another database?
What's the fastest way to bulk insert a lot of data in SQL Server (C# client)
SQL 2005 Book For Optimization Techniques
How do I create a mapping table in SQL Server Management Studio?
Cannot Add a Sql Server Login
SQL Server 2005 - Export table programatically (run a .sql file to rebuild it)
Diagnosing Deadlocks in SQL Server 2005
SQL2005: Linking a table to multiple tables and retaining Ref Integrity?
How to create a new instance of Sql Server 2005
SQL Server 2008 vs 2005 Linq integration
How do you kill all current connections to a SQL Server 2005 database?
Conditional Visibility and Page Breaks with SQL Server 2005 Reporting Services
SQL Server 2005 and 2008 on same developer machine?
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting