Hi

I have this:

But I read that in SF help that is best use paramaters, I have used parameters in other queries and not problem with boolean fields, but I can not make it work using the Month function. I need this for recover only sales orders for current month and year.

Kindest regards.

Everything is possible, just keep trying...

Hi Juan Carlos,



Here are 2 ways of getting the same result. I prefer the 2nd one.

Edhy Rijo

If the data comes from a user, you want to use the second option (with parameters). The method you initially showed and the first one Edhy showed are both vulnerable to SQL Injection attacks.



Also, parametrized queries I believe allow for the query plan to be cached, thus they are faster.



Mostly for the first reason, all of my sql statements are parametrized.

Hi Edhy and Greg

I will use this:

But where comes this: @pCurrenthMonth  and "@pCurrentYear?

I think they should be here:

Public Sub FillMonthSales()

But I can figure it out, because og this:  FillMonthSales(ByVal DatePay as ....)

I litle more help please.

Regards

Everything is possible, just keep trying...

Hi Juan,



I have no idea what are you asking form. Please re-read your post and re-phrase it.



By the way, did you try the code?

Edhy Rijo

Hi Edhy

This is the code you give as sample: Using cmd As New SqlCommand Dim strSQLStringWithParameters = "SELECT * FROM Sales WHERE Payment = 1 AND Month(DatePay) = @pCurrenthMonth AND Year(DatePay)= @pCurrentYear" cmd.Parameters.AddWithValue("@pCurrenthMonth", currenthmonth).SqlDbType = SqlDbType.Int cmd.Parameters.AddWithValue("@pCurrentYear", currentyear).SqlDbType = SqlDbType.Int Me.FillDataTable(strSQLStringWithParameters) End Using My question is this: Where does @pCurrentMonth and @pCurrentYear come from? Sales is the table, Payment is a boolean field, Month(DatePay) and Year(DatePay) are functions to retrieve the month and year from the DatePay field in the sales table. But in cmd.Parameters.AddWithValue("@CurrenthMonth", currenthmonth).SqlDbType = SqlDBType.Int you use this: "@pCurrentMonth" (same for the year part). I can not find where to declare this. The error message shows this: Debe declarar la variable escalar "@pCurrentMonth" Hope it makes more sense. Regards

Everything is possible, just keep trying...

It is coming from your code in http://forum.strataframe.net/FindPost24872.aspx in your sample you declare those variables, I simply use it as a sample, but you have to provide their values.

Edhy Rijo

I think you're just missing it by a bit here Juan.



Two things are going on:



1. You are creating a SqlCommand object, that will become a SQL statement that is executed on SQL Server:









This will end up as the following SQL statement:







2. You are defining the values used by the parameters. Here you define parameters that will end up in SQL, with values you are providing via .NET variables.





Note that currentmonth and currentyear are just .net variables. You can pass them into the fill method or pass in a date and then get the month/year or as you originally showed, just use the current date. They are just .NET variables, handled however makes sense in your situation.



No matter how you load up the currentmonth/currentyear variables, their values are passed along to SQL Server as parameters. The Parameters.AddWithValue methods essentially gets translated into SQL again (assuming that currentmonth was set to 10 and currentyear was 2009:







The important thing is that you define parameters within the SQL statement (" AND Month(DatePay) = @pCurrentMonth") and then also define a parameter of the correct SQL data type with the same name ("cmd.Parameters.AddWithValue("@pCurrentMonth", currentmonth)").

Thanks Greg

I follow your explanetion and finally get this work. Here is the final code:

Thanks for your help

Regards

Everything is possible, just keep trying...

Glad you got it working. Once you understand it, this is pretty straight forward.