[thelist] huge MySQL query in ASP without stored procedures
VOLKAN ÖZÇELİK
volkan.ozcelik at gmail.com
Tue May 9 04:44:59 CDT 2006
On 5/8/06, Matt Warden <mwarden at gmail.com> wrote:
>
> Defining the query in JScript seems like it would be the least hassle:
>
> var sql = '\
> select ... \
> from ... \
> ... \
> ... \
> etc.';
Not exactly the solution to this problem, but I wanted to share my
situation, because it may help others in my position.
I use a similar version of MySQL (and ASP.NET with C#).
Since I cannot create queries (and stored procedures) in the MySQL version I
use (was 4.1.2, I suppose) I created a QueryPool class, where I store
queries as static members of the class; and use String.Format to add filters
to them.
The class is something like
    public sealed class QueryPool
    {
        public const string qryHasLinkPopularity =
            "SELECT lngLinkPopularityID FROM tblLinkPopularity WHERE id={0}";

        //don't let anyone instantiate this class
        private QueryPool(){}
        ...
And then
    String.Format(QueryPool.qryHasLinkPopularity, Converter.ToDBNumber(lngLinkID));
to generate the query.
where lngLinkID is something coming from post data (its type is String).
Converter is my helper class which I use to prevent badly formatted data.
In addition I use it as a security measure (to prevent SQL injections).
ToDBNumber returns an integer if lngLinkID is valid numeric data.
Though, I guess, it is hard to do it using classic ASP.
Cheers,
--
Volkan Ozcelik
+>Yep! I'm blogging! : http://www.volkanozcelik.com/volkanozcelik/blog/
+> My projects/studies/trials/errors : http://www.sarmal.com/
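
Added example (not part of the original post, and not the author's actual helper): a sketch of what a strict `Converter.ToDBNumber`-style check could look like when its result is formatted into the `QueryPool` template, run over constructed post-data strings. The body of `ToDBNumber`, the exception it throws and the `Demo` class are assumptions; only the class names and the query template come from the post.

```csharp
using System;
using System.Globalization;

public static class QueryPool
{
    // Template from the post; {0} must only ever receive a validated integer.
    public const string qryHasLinkPopularity =
        "SELECT lngLinkPopularityID FROM tblLinkPopularity WHERE id={0}";
}

public static class Converter
{
    // Hypothetical implementation: accepts only decimal digits with an optional
    // leading sign. No whitespace, hex, thousands separators or trailing text.
    public static int ToDBNumber(string raw)
    {
        int value;
        if (raw != null &&
            int.TryParse(raw, NumberStyles.AllowLeadingSign,
                         CultureInfo.InvariantCulture, out value))
        {
            return value; // out-of-range input also fails TryParse
        }
        throw new FormatException("Input rejected: not a valid integer.");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed samples standing in for post data.
        string[] samples = { "42", "-7", " 42", "42 OR 1=1", "0x2A", "4,200", "99999999999", "" };
        foreach (string s in samples)
        {
            try
            {
                // The parsed int, never the original string, goes into the template.
                int id = Converter.ToDBNumber(s);
                Console.WriteLine(String.Format(CultureInfo.InvariantCulture,
                                                QueryPool.qryHasLinkPopularity, id));
            }
            catch (FormatException)
            {
                Console.WriteLine("rejected: \"" + s + "\"");
            }
        }
    }
}
```

Only the first two samples produce a query; every other string is rejected before any SQL text is built.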