Problem with multi parameters -- sql server reporting services

sql server reporting services : Problem with multi parameters

Robert Bruckner [MSFT]
7/20/2004 6:36:22 PM

Did you try this expression (adding a blank between "Orders" and "WHERE"):
="SELECT OrderID FROM Orders " & IIF(Parameters!ID.Value="","","WHERE
OrderID IN (" + Parameters!ID.Value + ")")

Note: I'm sure you are aware that dynamically constructing a query
commandtext using user input (i.e. user-specified report parameters) opens
the door to all types of SQL injection attacks.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

[quoted text, click to view]

Angi
7/20/2004 11:04:40 PM

Hi,

I use this syntax to enter multi value in a parameter textbox.

="SELECT OrderID FROM Orders" & IIF(Parameters!ID.Value="","","WHERE OrderID
IN (" + Parameters!ID.Value + ")")

When value is empty "", I can get all of the OrderID.
But when I enter OrderID like 001 (the datatype of the OrderID is Int),
it popup syntax error: Keyword 'IN' Syntax incorrect
What's wrong with my syntax? or the way to get all data and parameter data
is incorrect?
Thanks for your time.

Angi

angi
7/21/2004 6:34:19 PM

Robert,

Wow! Thanks so much!
I'm so careless.. (shy...)
The multi parameters problem trouble me so long until now, really exciting!
Thank you so much and those who ever help me.

Angi

"Robert Bruckner [MSFT]" <robruc@online.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D
:eYXCjMsbEHA.3792@TK2MSFTNGP09.phx.gbl...
[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about sql server reporting services

home · blog · groups

Questions? Comments? Contact the dn