sql - What is the error The data types varchar and datetime2 are incompatible in the add operator - 


declare @state varchar(32) =null,         @industry varchar(128)= null,         @listsource varchar(128) = null,         @timezone varchar(30) =null declare @today datetime set     @today = getdate()  declare @ssql nvarchar(3000) set @state=1 set @industry=1 set @listsource=1 set @timezone=5 set @ssql =  'select top 20 p.id'+  char(10) +'from dbo.prospects p (nolock)'+ char(10) + 'where p.state=isnull('+ char(39)+@state +char(39)+','+'p.state)'+ char(10) + 'and p.industry ='+@industry + char(10) +'and p.listsource='+@listsource+ char(10) +' , p.statusid not in(-1,2,4,5,6,7,8,9,12,13,14)'+ char(10) +' , isnull(p.pushdate,'+char(39)+'1/1/1900'+char(39)+')<='+char(39)+@today+char(39)+ char(10) +'and p.timezone ='+@timezone+ char(10) +' order isnull(p.lastactivitydate,'+char(39)+'1/1/1900'+char(39)+')'

this immediate problem:

')<='+char(39)+@today+char(39)

you're trying use datetime in string concatenation. date isn't text - it's date. if want use in string concatenation, need convert text first, e.g.

')<=' + char(39) + convert(varchar(23), @today, 126) + char(39)

(see cast , convert documentation available styles. style 126 takes 23 characters, reckoning.)

the next problem building sql horribly insecure - you're vulnerable sql injection attacks if client did right thing , called using parameters. haven't shown you're doing ssql, should try hard can not building dynamic sql. there's certainly better solution available. avoiding dynamic sql, you'll end with:

  • much more readable code (every char(39) go, along string concatenation)
  • security against sql injection attacks
  • fewer conversions between non-text values , text, reduces opportunity error

Comments

Post a Comment

Popular posts from this blog

php - Submit Form Data without Reloading page -

i know question has been asked , answered bunch of times life of me can not solution work on code. believe if redo code, work properly, , in retrospect time i've spent on issue should have redone code...but beyond deadline , have working prototype up... can advise how update multiple forms on single page without reloading page? horrible @ php , complete noob js/jquery/ajax @ best. html/php in single file , believe causing me problems/is largest obstacle @ getting ajax form processing work. basically, want users to: select teams multiple dropdowns in form group 1 (league champs) , on update update db newly selected team without reloadding page. edit team scores per match , on score submit/update, update db new scores. for each requirement there multiple forms (1 each leagues, 1 each per match) have set class on each form id. everything works via php, form submission reloads page each time submitted , not ideal. i have tried ajax code here http://scotch.io/tutoria...
Read more

linux - Rails running on virtual machine in Windows -

the reason why want switch ubuntu people said gems works better on linux on windows. i don't want macbook pro rails development since love windows , cannot stand lack of apps mac. moreover, people saying ubuntu "better" mac: http://www.reddit.com/r/ubuntu/comments/1bgj1s/are_there_advantages_of_ubuntu_over_os_x_for/ does virtual box work enough doesn't have lag @ all? using i7-3517u cpu 8gb memory. need program in environment lag-free , not sluggish. or there alternatives recommend? i unsure permission settings or complicated stuffs regarding terminal. i'll using terminal develop. i'm still quite new here development in linux. please kind me >< thanks. @holyxiaoxin pretty sure should asking on superuser instead. nevertheless, suggest install ubuntu in partition instead of running virtual machine. here's guide https://help.ubuntu.com/community/windowsdualboot also, yes. developing in virtual machine accurate, @ end experiment w...
Read more