Concatenate Strings in SQL
Sometimes you may need to add a bit of text to a query result on the fly - as you query, you add the text.
This is called concatenating a string - literally meaning 'sticking together'.
It's really quite easy to do. Let's say we have a record in the products table
for 'washing machine' with a product_id of 35. There are 5 of them
in the quantity field and the product_price per item is $3.25. Here's the query we could use:
The recordset now contains one field called strProductText, which contains:
5 washing machines at the price of $3.25.
Outputting to an ASP page
To display the result in an ASP page all you need is
As you can see, it can be an effective and quick way of producing a full sentence. Notice we added the 's' after the product name
(you could ensure earlier that quantity was <>1 before adding this!) and that we also added the dollar sign in front of the price -
all available as part of the returned field in our recordset.
Concatenating in MS ACCESS
The process is almost identical if you're using an Access database - the only difference is you need to use the & sign instead of the + sign.
User Comments on 'Concatenate strings in sql'
Posted by :
Archive Import (Bernie) at 16:25 on Thursday, April 10, 2003
Concatenating SQL strings is the worst thing you can do for application security reasons.
Do a search on the web for SQL Injection and you will see why.
Don't do it.
Use Parameterized Queries at least, and if you have SQL use Stored Procedures.
Posted by :
pathak at 00:54 on Wednesday, March 03, 2004
I have this problem that I haven't been able to solve for almost a week now.....
I am designing this SQL Server backend & ASP frontend software....
How do I update several fields at a time concurrently from the ASP??? The update query needs a primary key for the row to be selected, but that primary key is being generated by SQL Server as a counter.....so I am just defining the variable where this primary key is being stored. <%=rs(call_id))%> call_id being 1,2,3... upon generation
How do I select attributes pertaining to a particular call_id so that I make changes in that row upon pressing the save button?
Posted by :
fuzzyonion at 15:50 on Monday, June 27, 2005
The technique described doesn't present any security issues. The query wasn't formed from data obtained from users. The only string concatenation was of data retrieved from the database. SQL Injection involves unsafely using data from users in an SQL query and forming the query from that data, using concatenation most likely. But all that happens before the query is executed.
The problem would be if instead of saying product_id=35, he had received the 35 as an input from the user. Then if the user sent something like 35;drop table products, it could cause problems, dropping the table after doing the select. Make sense?
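
The distinction drawn in the comments above, as an added example that is not part of the original article or its comments: concatenating column values inside a constant statement, versus splicing user input into the statement text. Assumptions: Python's sqlite3 with constructed in-memory rows stands in for the ASP/SQL Server setup, the `product_name` column name is assumed, SQLite's `||` takes the place of `+` (`&` in Access), and `executescript` stands in for a driver that accepts several statements in one batch.

```python
import sqlite3

def make_db():
    """Constructed sample rows modelled on the article's washing-machine record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (product_id INTEGER PRIMARY KEY, "
                 "product_name TEXT, quantity INTEGER, product_price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                     [(35, "washing machine", 5, 3.25), (36, "dryer", 1, 2.5)])
    return conn

# Column values are concatenated inside the statement; the statement text itself
# is a constant. The CASE adds the plural 's' only when quantity <> 1.
PRODUCT_TEXT_SQL = """
SELECT quantity || ' ' || product_name
       || CASE WHEN quantity <> 1 THEN 's' ELSE '' END
       || ' at the price of $' || printf('%.2f', product_price)
       AS strProductText
FROM products WHERE product_id = ?"""

def product_text(conn, product_id):
    """Hardened: product_id is sent as a bound parameter, never as SQL text."""
    row = conn.execute(PRODUCT_TEXT_SQL, (product_id,)).fetchone()
    return row[0] if row else None

def product_text_unsafe(conn, product_id):
    """Vulnerable, for contrast: user input becomes part of the statement text,
    so anything after the number is parsed and executed as SQL."""
    conn.executescript(
        "SELECT product_name FROM products WHERE product_id = " + product_id)

def table_exists(conn, name):
    query = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return conn.execute(query, (name,)).fetchone() is not None

if __name__ == "__main__":
    conn = make_db()
    user_input = "35;drop table products"  # the input quoted in the comment above
    print(product_text(conn, 35))
    print(product_text(conn, user_input), table_exists(conn, "products"))
    product_text_unsafe(conn, user_input)
    print(table_exists(conn, "products"))
```

Bound as a parameter, the input is compared as a value and matches no row; spliced into the text, the part after the semicolon runs as a second statement.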