tags:

views:

86

answers:

4
Q: 

Error concerned with storedprocedure 

set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER Procedure [dbo].[rptGGM]
(
    @FromDate datetime,
    @ToDate datetime,
    @PartyName varchar(50),
    @Type int
)

As
DECLARE @WhrStr VarChar(500)

SET @WhrStr = 
    CASE @Type
    WHEN 1 THEN
     ' And E.ATAAir between '+ @FromDate +' And '+@ToDate

    WHEN 2 THEN
     ' And D.ATASea between '+ @FromDate+ ' And '+@ToDate
    END
exec
(
'SELECT 
      A.FileNumber As [File No],
      S.POString As [PO Numbers],
      G.PartyName As [Exporter Name],
      C.CargoDesc As [Cargo Description],
      Dbo.ActualDate(A.ETA) As ETA,
         Dbo.ActualDate(IsNull(E.ATAAir, D.ATASea)) As ATA,
     S.SIString As [Supplier Invoices],
D.VesselName As [Vessel Name],
      D.VoyageNo As [Voyage No],
     dbo.PackCntDetails(A.FileID) As [Pk/Cnt Details]

FROM
    FileMain A

LEFT JOIN SIPOString S ON S.FileID=A.FileID
LEFT JOIN Party G ON G.PartyID = A.ExporterID
INNER JOIN Cargo C ON C.FileID = A.FileID
LEFT JOIN FileSea D ON D.FileID = A.FileID
LEFT JOIN FileAir E ON E.FileID = A.FileID

WHERE   
     G.PartyName='+@PartyName +' '+@WhrStr


)

While executing above procedure following error is coming Msg 241, Level 16, State 1, Procedure rptGGM, Line 12 Conversion failed when converting datetime from character string. Can anybody to help to solve the error.

A: 

You have to quote the datetime values

...
WHEN 1 THEN
    ' And E.ATAAir between '''+ CAST(@FromDate AS varchar(30)) +''' And '''+CAST(@ToDate AS varchar(30)) + ''''

WHEN 2 THEN
    ' And D.ATASea between '''+ CAST(@FromDate AS varchar(30))+ ' And '''+CAST(@ToDate AS varchar(30)) + ''''
END
...

You'll also have the error later on near @partyname:

...
WHERE   
     G.PartyName='''+@PartyName +''' '+@WhrStr

Edit: Added CAST!

gbn  2009-04-15 11:41:14
still same error is coming.Can u suggest any other way?Is there any error in syntax in where condition.If yes,how can i remove it?
 2009-04-15 11:47:16
-1 for encouraging practices allowing SQL injection
Lucero  2009-04-15 15:09:27
How does it concern you or me?
gbn  2009-04-15 15:12:34
It does concern because people are looking for solutions here at Stackoverflow. So you basically spread the word with information leading to even more bad SQL code prone to injection attacks.
Lucero  2009-04-15 15:16:18
A: 

you need to do an explicit cast from datetime to varchar when constructing @WhrStr. The following should work:

CAST(@FromDate as varchar)
pmarflee  2009-04-15 11:43:28
-1 for encouraging practices allowing SQL injection
Lucero  2009-04-15 15:08:50
Lucero - Just how exactly does suggesting casting a datetime value to a string constitute advocating SQL injection?
pmarflee  2009-04-15 15:44:07
+2  A: 

This would be a lot simpler as a straightforward query without the EXEC. Why did you wrap all this in the EXEC?

Rob Garrison  2009-04-15 14:58:04
+1  A: 

Using dynamic SQL is very bad practice, since it not only may fail because of conversion issues and data length, but also allows SQL injection.

Use a proper query like this:

SELECT 
         A.FileNumber As [File No],
         S.POString As [PO Numbers],
         G.PartyName As [Exporter Name],
         C.CargoDesc As [Cargo Description],
         Dbo.ActualDate(A.ETA) As ETA,
         Dbo.ActualDate(IsNull(E.ATAAir, D.ATASea)) As ATA,
        S.SIString As [Supplier Invoices],
D.VesselName As [Vessel Name],
      D.VoyageNo As [Voyage No],
        dbo.PackCntDetails(A.FileID) As [Pk/Cnt Details]

FROM
    FileMain A

LEFT JOIN SIPOString S ON S.FileID=A.FileID
LEFT JOIN Party G ON G.PartyID = A.ExporterID
INNER JOIN Cargo C ON C.FileID = A.FileID
LEFT JOIN FileSea D ON D.FileID = A.FileID
LEFT JOIN FileAir E ON E.FileID = A.FileID

WHERE   
     G.PartyName=@PartyName AND
     (
           ((@Type = 1) And (E.ATAAir Between @FromDate And @ToDate))
     Or
           ((@Type = 2) And (E.ATASea Between @FromDate And @ToDate))
     )
Lucero  2009-04-15 15:06:09

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?