Concatenate strings in sql
Article by: Jeff Anderson (4/8/2003)
Summary: A brief introduction to concatenating strings in an SQL query (using SQL Server or Access databases).
Concatenate Strings in SQL
Sometimes you may need to add a bit of text to a query result on the fly: as you query, you add the text.
This is called concatenating a string, literally meaning 'sticking together'.
It's really quite easy to do. Let's say we have a record in the products table
for 'washing machine' with a product_id of 35. There are 5 of them
in the quantity field and the product_price per item is $3.25. Here's the query we could use:
The recordset now contains one field called strProductText which contains:
5 washing machines at the price of $3.25.
Outputting to an ASP page
To display the result in an ASP page all you need is
As you can see, it can be an effective and quick way of producing a full sentence. Notice we added the 's' after the product name
(you could check earlier that quantity was <> 1 before adding this!) and that we also added the dollar sign in front of the price,
all available as part of the returned field in our recordset.
Concatenating in MS ACCESS
The process is almost identical if you're using an Access database - the only difference is you need to use the & sign instead of the + sign.
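The following T-SQL is an added example, not the author's original query: it builds the strProductText field from the products columns named above and passes the product_id as a typed parameter instead of splicing it into the statement text. The temp table, the product_name column name and the sample row are assumptions made for the illustration.

```sql
-- Added example for SQL Server (T-SQL). The temp table and the product_name
-- column are assumptions; the sample row is constructed from the article's values.
CREATE TABLE #products (
    product_id    int         NOT NULL PRIMARY KEY,
    product_name  varchar(50) NOT NULL,
    quantity      int         NOT NULL,
    product_price money       NOT NULL
);

INSERT INTO #products (product_id, product_name, quantity, product_price)
VALUES (35, 'washing machine', 5, 3.25);

-- Column values are concatenated inside the SELECT list.
--  * int and money take precedence over varchar, so without CAST the + would
--    attempt numeric addition and the conversion of the text would fail.
--  * The CASE appends the plural 's' only when quantity <> 1.
--  * In Access the same expression is written with & in place of +.
-- The statement text is a constant: it contains the placeholder @id, never
-- the value itself (quotes are doubled because the query is a string literal).
DECLARE @sql nvarchar(max) = N'
    SELECT CAST(quantity AS varchar(10)) + '' '' + product_name
           + CASE WHEN quantity <> 1 THEN ''s'' ELSE '''' END
           + '' at the price of $'' + CAST(product_price AS varchar(20))
           AS strProductText
    FROM #products
    WHERE product_id = @id;';

-- The id travels separately from the statement as a typed int parameter.
-- A value that is not an integer, such as the string '35;drop table products',
-- fails conversion to int and raises an error instead of being executed.
EXEC sp_executesql @sql, N'@id int', @id = 35;

DROP TABLE #products;
```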
User Comments on 'Concatenate strings in sql'
Posted by: Archive Import (Bernie) at 16:25 on Thursday, April 10, 2003
Concatenating SQL strings is the worst thing you can do for application security reasons.
Do a search on the web for SQL Injection and you will see why.
Don't do it.
Use Parameterized Queries at least, and if you have SQL use Stored Procedures.

Posted by: pathak at 00:54 on Wednesday, March 03, 2004
I have this problem that I haven't been able to solve for almost a week now.....
I am designing this SQL Server backend & ASP frontend software....
How do I update several fields at a time concurrently from the ASP??? The update query needs a primary key for the row to be selected but that primary key is being generated by SQL Server as a counter.....so I am just defining the variable where this primary key is being stored. <%=rs("call_id")%> call_id being 1,2,3... upon generation
How do I select attributes pertaining to a particular call_id so that I make changes in that row upon pressing the save button?

Posted by: fuzzyonion at 15:50 on Monday, June 27, 2005
The technique described doesn't present any security issues. The query wasn't formed from data obtained from users. The only string concatenation was of data retrieved from the database. SQL Injection involves unsafely using data from users in an SQL query and forming the query from that data, using concatenation most likely. But all that happens before the query is executed.
The problem would be if instead of saying product_id=35, he had received the 35 as an input from the user. Then if the user sent something like 35;drop table products, it could cause problems, dropping the table after doing the select. Make sense?