[thelist] huge MySQL query in ASP without stored procedures

VOLKAN ÖZÇELİK volkan.ozcelik at gmail.com
Tue May 9 04:44:59 CDT 2006


On 5/8/06, Matt Warden <mwarden at gmail.com> wrote:

>
> Defining the query in JScript seems like it would be the least hassle:
>
> var sql = '\
> select ... \
> from ... \
> ... \
> ... \
> etc.';


Not exactly the solution to this problem, but I wanted to share my
situation, because it may help others in my position.

I use a similar version of MySQL (and ASP.NET with C#).

Since I cannot create queries (and stored procedures) in the MySQL version I
use (was 4.1.2, I suppose), I created a QueryPool class, where I store
queries as static members of the class, and use String.Format to add filters
to them.

The class is something like

    public sealed class QueryPool
    {
        // query template; {0} is filled in with String.Format
        public const string qryHasLinkPopularity =
            "SELECT lngLinkPopularityID FROM tblLinkPopularity WHERE id={0}";

        // don't let anyone instantiate this class
        private QueryPool(){}
        // ...
    }

And then

    String.Format(QueryPool.qryHasLinkPopularity, Converter.ToDBNumber(lngLinkID));

to generate the query.

where lngLinkID is something coming from post data (its type is String).

Converter is my helper class which I use to prevent badly formatted data.
In addition I use it as a security measure (to prevent SQL injections).
ToDBNumber returns an integer if lngLinkID is valid numeric data.

Though, I guess, it is hard to do it using classic ASP.

Cheers,
--
Volkan Ozcelik
+>Yep! I'm blogging! : http://www.volkanozcelik.com/volkanozcelik/blog/
+> My projects/studies/trials/errors : http://www.sarmal.com/
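
An added example, not code from the original message: one way the validation step described above could work, next to the same lookup with the value bound as a parameter. The body of `Converter.ToDBNumber` is a hypothetical stand-in (the poster's helper is not shown), and `Demo`, `Bound`, the `@id` marker and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Globalization;

// Hypothetical stand-in for the post's Converter helper; the original is not shown.
public static class Converter
{
    // Accepts only an optional sign followed by ASCII digits (no spaces, no trailing
    // text) and returns the canonical digits, so only a number reaches the SQL string.
    public static string ToDBNumber(string raw)
    {
        long value;
        if (!long.TryParse(raw, NumberStyles.AllowLeadingSign,
                           CultureInfo.InvariantCulture, out value))
            throw new FormatException("not a valid integer");
        return value.ToString(CultureInfo.InvariantCulture);
    }
}

public static class Demo
{
    const string qryHasLinkPopularity =
        "SELECT lngLinkPopularityID FROM tblLinkPopularity WHERE id={0}";

    // Same lookup with the value bound as a typed parameter instead of formatted in.
    // The "@id" marker syntax depends on the ADO.NET provider in use (assumption).
    public static IDbCommand Bound(IDbConnection conn, string raw)
    {
        IDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT lngLinkPopularityID FROM tblLinkPopularity WHERE id=@id";
        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = "@id";
        p.DbType = DbType.Int64;
        p.Value = long.Parse(Converter.ToDBNumber(raw), CultureInfo.InvariantCulture);
        cmd.Parameters.Add(p);
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample post data, not taken from the original message.
        string[] samples = { "42", "-7", "42 OR 1=1", "42; --", " 42", "" };
        foreach (string s in samples)
        {
            try { Console.WriteLine(String.Format(qryHasLinkPopularity, Converter.ToDBNumber(s))); }
            catch (FormatException) { Console.WriteLine("rejected: [" + s + "]"); }
        }
    }
}
```

The formatted query is only as safe as the validator in front of it, so every `{0}` filled from request data has to pass through the strict parse; the bound form keeps the value out of the SQL text altogether.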


