Home
Search results “Concat string sql oracle”
Oracle Database11g tutorials 12 || SQL Concat Function - SQL character manipulation function
 
04:47
Link for SQL concat function: http://www.rebellionrider.com/SQL-concat-function.htm SQL Concat function/SQL concat() function First function of SQL character manipulation function. Two have in depth knowledge of SQL concatenation operator Please watch my video on SQL concatenation Operator http://youtu.be/PYMeFe72Bas Tool used in this tutorial is command prompt. This tutorial series is part of SQL expert exam certification training. if you are preparing for SQL certification you can use my tutorials. This SQL Tutorial is a part of free training. Copy Cloud referral link || Use this link to join copy cloud and get 20GB of free storage https://copy.com?r=j7eYO7 Link for SQL function introduction Video 10 http://youtu.be/5rx8Q4x4-qI Link SQL concat Article http://www.rebellionrider.com/SQL-concat-function.htm Contacts E-Mail [email protected] Twitter https://twitter.com/rebellionrider Instagram http://instagram.com/rebellionrider Facebook. https://www.facebook.com/imthebhardwaj Linkedin. in.linkedin.com/in/mannbhardwaj/ Thanks for linking, commenting, sharing and watching more of our videos This is Manish from RebellionRider.com -------------------------------------------------------------------------------------------- SQL Concat () function is a Character manipulation function which is a category of SQL character function. We have already discussed the intro of SQL character function in Video 10. You can find link of this video in description below. Ok let's go ahead. SQL Concat () function concatenates two separate character string into one character string. Let's see the syntax Concat (string_1 , String_2) Note here that SQL Concat function takes only two arguments at a time. This SQL Concat function will return string_1 concatenated with string_2. This also means that it will return a single string which is a combined string of parameter String_1 and String_2. Both the parameters of SQL Concat function String_1 and string_2 can be of any data-type. You can even specify the columns of the table here. SQL Concat function is equivalent to the concatenation operator (||). SQL concatenation operator is represented by double solid vertical bars or we can say double pipe signs. Question: How to concatenate more than two strings as SQL Concat that can have only 2 parameters and what is the difference between SQL Concat Function and SQL concatenation operator? The one answer for the second Question What is the Difference between SQL Concat Function and SQL concatenation operator? Is While SQL Concat function takes only two parameters, The Concat operator can be repeated as often as is necessary. Meaning, by the help of SQL Concat operator you can combine as many strings as you want. And Concatenation operator is also not supported by several databases such as SQL server so this might cause problem. To answer the first question How to concatenate more than two strings as SQL Concat that can have only 2 parameters? We will have to jump over SQL developer. Let's see some examples. Say we want to retrieve the full name of an employee from Employees table. Let's try it using SQL Concat function. SELECT Concat (first_name, last_name) AS "Full Name" FROM employees; Here in this query we use two column names - first_name and last_name as arguments of our Concat function Execute. As you can see here, we get full name of our employee but there is no space in between first name and last name. We will see how to format this string using SQL Concat function in a few seconds But before that, let's see how to do the same task using SQL concatenation operator. SELECT first_name ||last_name AS "Full name" FROM employees; As you can see this query also produces the same result. Now we will see how to format full name of employees First we will do this using SQL concatenation Operator. SELECT first_name||' '||last_name AS "Full name" FROM employees; Now you can see we get space between first name and last name of the employee. Again, let's do it using SQL Concat function. Here we will see the nested function concept where we will be using nested Concat function to achieve this formatted string. SELECT Concat (Concat (first_name, ' '), last_name) FROM employees; Inner Concat function has two parameters. These are our first column name first_name and an empty string which will be a space between first name and second name. This Concat will now return a string which is the first name with space. This returning string will be the first input of our Outer Concat and column last_name will be the second input. All together this will give us the desired output. As you can see this method is complex than the first one where we use SQL concatenation operator.
Views: 78767 Manish Sharma
SQL FUNCTIONS:  CONCAT
 
06:08
The Best Site to Learn SQL Online
Views: 3779 TechnicalSkills
Oracle Tutorial - Concatenation Operator | CONCAT Function
 
06:33
Oracle Tutorials - Concatenation Operator | CONCAT Function
Views: 73 Tech Acad
SQL Concatenate All Rows Into A String
 
06:24
Combine all rows into a single string adventure works example. This method uses coalesce to remove the leading comma. Easier than for xml path in my opinion. For XML path example(next video): https://www.youtube.com/watch?v=QwPjbQosjgw
Views: 3513 Blake B
SQL TUTORIAL - CHARACTER FUNCTIONS || TRIM || REPLACE || CONCAT || SUBSTR || INSTR || REPLACE
 
08:04
In this video i'm going to demonstrate you about oracle sql single row functions step by step. concat funcation, substr function, instr function, lpad function, rpad function, trim function, replace function.
Views: 2466 OCP Technology
89. CONCAT Function in SQL (Hindi)
 
05:18
Please Subscribe Channel Like, Share and Comment Visit : www.geekyshows.com
Views: 6996 Geeky Shows
Oracle Database11g tutorials 5   How to use Concatenation operator, character String
 
04:45
How to use Concatenation operator, character String!!!!!!
Views: 100 Quick Solution
How to use trim, concat, instr, length in Oracle Sql
 
08:38
How to use trim, concat, instr, length in Oracle Sql
Views: 365 Tanmun
Tutorial#23 Learn How to combine two or more  column/String using Concatenation Operator
 
08:11
Explaining How to combine two columns using the concatenation operator or in other words how to use concatenation in Oracle database or How to use concatenation operator for combining the output of two or more columns and how to use the literal character string orHow to join two column in SQL or Learn about the Concatenate function in the SQL Language. In this series we cover the following topics: SQL basics, create table oracle, SQL functions, SQL queries, SQL server, SQL developer installation, Oracle database installation, SQL Statement, OCA, Data Types, Types of data types, SQL Logical Operator, SQL Function,Join- Inner Join, Outer join, right outer join, left outer join, full outer join, self-join, cross join, View, SubQuery, Set Operator. In this videos, you may get the answer the following question concatenation operator in sql server concatenate sql query concatenate sql oracle concatenate in oracle sql developer oracle concatenate columns with space concat in where clause oracle concat string in where clause insert concatenate string sql sql string join sql concatenate string mysql concatenate string mysql query concatenate string Follow me on: Facebook Page: https://www.facebook.com/LrnWthr-319371861902642/?ref=bookmarks Contacts Email: [email protected] Instagram: https://www.instagram.com/lrnwthr/ Twitter: https://twitter.com/LrnWthR
Views: 99 EqualConnect Coach
Query without using Like operator find strings?
 
05:28
Hello guys in this video i explain how to find all employee who have a last character is 'N' without using like operator. Oracle database Unbeatable,Unbreakable Platform..
Views: 2125 Oracle World
SQL Tutorial - 38: The CONCAT() Function
 
04:09
In this tutorial we'll learn to use the CONCAT() Function to combine strings and display them together.
Views: 27628 The Bad Tutorials
SQL Basics Part-6 Concatenation of Strings
 
12:25
An easy way to learn SQL in SQL Server Management Studio Environment
Views: 301 SQL Learn & Share
CONCAT Function in SQL Query with Example
 
04:26
CONCAT(): Syntax: CONCAT(char1,char2); CONCAT returns char1 concatenated with char2. Both char1 and char2 can be any of the datatypes CHAR, VARCHAR2, NCHAR, NVARCHAR2, CLOB, or NCLOB. The string returned is in the same character set as char1. Its datatype depends on the datatypes of the arguments. In concatenations of two different datatypes, Oracle Database returns the datatype that results in a lossless conversion. Therefore, if one of the arguments is a LOB, then the returned value is a LOB. If one of the arguments is a national datatype, then the returned value is a national datatype. For example: CONCAT(CLOB, NCLOB) returns NCLOB CONCAT(NCLOB, NCHAR) returns NCLOB CONCAT(NCLOB, CHAR) returns NCLOB CONCAT(NCHAR, CLOB) returns NCLOB This function is equivalent to the concatenation operator (||). We can achieve the same using operator '||'. Below two statements are equal: select concat(concat(ename,'''salary is:'),sal) from emp; select ename||'''salary is:'||sal from emp;
Views: 4439 WingsOfTechnology
Oracle SQL Video Tutorial 5 : Concatenation Operator
 
10:37
Oracle SQL Video Tutorials 5 : Concantenation Operator
Views: 2285 Just Channel
group by and string concatenation in oracle and mysql
 
02:52
Code and details: https://blog.softhints.com/group-by-and-string-concatenation-in-oracle-and-mysql/ --------------------------------------------------------------------------------------------------------------------------------------------------------------- If you really find this channel useful and enjoy the content, you're welcome to support me and this channel with a small donation via PayPal and Bitcoin. PayPal donation https://www.paypal.me/fantasyan Bitcoin: 1DBZu6N9JTpRDdc9QChLZnX3v2iVRaQ4ym Programming is a fun! :) Site: www.softhints.com Facebook: www.facebook.com/Softhints/ Twitter: www.twitter.com/SoftwareHints
Views: 9 Softhints
Sql Training Online - Sql Concatenate
 
03:30
Learn about the Concatenate function in the SQL Language. Visit http://www.SqlTrainingOnline.com for 30 more FREE videos. The Microsoft SQL Server 2012 SQL Concatenate is another way of saying you want to put two different values or strings together in your SQL query or sql statement. You can visit me at any of the following: SQL Training Online: http://www.sqltrainingonline.com Twitter: http://www.twitter.com/sql_by_joey Google+: https://plus.google.com/#100925239624117719658/posts LinkedIn: http://www.linkedin.com/in/joeyblue Facebook: http://www.facebook.com/sqltrainingonline
Views: 8832 Joey Blue
SQL Server -  Concatenate Multiple Rows Into Single String
 
03:21
This video will show you how to concatenate multiple rows into a single string in SQL SERVER. Of course there are multiple solutions for this situation, but this is the way I prefer doing it. :)
Views: 3023 JiFacts
Tutorial#33 How to Join  two Columns using concatenation function in Oracle SQL Database
 
06:51
How to concatenate/join/combine two or more columns, string, Number using Concatenation Function or How to Concatenate String and Integer Values in SQL Server or Concatenate String and column by using Concatenation function in Oracle SQL Or How to use Concatenation Function in Oracle database Assignment link: https://drive.google.com/open?id=1u-2Mj-27KxM5FZwRTVXNv7dwXQsAtzkn In this series we cover the following topics: SQL basics, create table oracle, SQL functions, SQL queries, SQL server, SQL developer installation, Oracle database installation, SQL Statement, OCA, Data Types, Types of data types, SQL Logical Operator, SQL Function,Join- Inner Join, Outer join, right outer join, left outer join, full outer join, self-join, cross join, View, SubQuery, Set Operator. follow me on: Facebook Page: https://www.facebook.com/LrnWthr-319371861902642/?ref=bookmarks Contacts Email: [email protected] Instagram: https://www.instagram.com/equalconnect/ Twitter: https://twitter.com/LrnWthR
Views: 66 EqualConnect Coach
length, concat & chr | sql functions | oracle database 11g version 2 |
 
05:24
executed in oracle database 11g version 2
Views: 120 Education 4u
CONCAT() function in SQL Server 2012
 
10:30
Concatenate Strings and Columns by using new CONCAT() function in SQL Server 2012 Check the whole "SQL Server 2012" series here: https://www.youtube.com/playlist?list=PLU9JMEzjCv17Wwmn5iFbDs5kIyvn8M3xd Check my SQL blog at: http://sqlwithmanoj.com/ Check my SQL FB Page at: https://www.facebook.com/sqlwithmanoj
Views: 7181 SQL with Manoj
Concat Strings with or without Function in Oracle Database
 
11:50
oracle concat multiple strings, oracle concatenate string, concatenate in oracle sql developer, oracle concatenate columns with space, oracle concatenate string and number, oracle concatenate columns with comma, oracle concatenate rows into string, oracle concatenate all columns into string
Views: 13 Adam Tech
How to Concatenate String Values with Integer values in SQL Server - TSQL Tutorial
 
10:23
How to Concatenate String and Integer Values in SQL Server ( + Sign vs CONCAT ) - TSQL Tutorial Working with Databases is fun. On daily basis we save data into tables in different columns and often we need to write queries which involve concatenation of multiple columns of different datatypes to produce our final output. In below example we have saved some data into #Customer Table which has Street Address column as string and zip as INT. we want to produce Full Address by concatenating these columns. To concatenate we can use + sign but this works only with String values. So if we have any Integer value/s we have to convert them to String first. We can use Cast or Convert function to convert Integer value to string. Also if there is any Null value among which values we are concatenating , our output will be Null by using + sign. To take care of that part we can use either ISNULL() or Coalesce Function to replace NULL with blank value in SQL Server. In SQL Server 2012 and Later versions, CONCAT function was introduced. You can concatenate multiple values by using this function. Fun part of this function is you don't have to worry about Null outcome as it will Ignore Null values and also you don't have to worry about converting INT into strings, It will take care of that automatically. So if you are using new versions such as 2012 or later, start taking advantage of this function. Blog post link for the video with script http://sqlage.blogspot.com/2015/03/how-to-concatenate-string-and-integer.html
Views: 15462 TechBrothersIT
06- Oracle SQL-Arabic Course Concatenation Operator-Quote q Operator-DISTINCT-DESCRIBEاوراكل ديفلوبر
 
09:22
أهلا بكم فى درس جديد من سلسلة دروس أوراكل ديفلوبر شرح SQL فى درس اليوم نتحدث عن Concatenation Operator & Quote q Operator & DISTINCT & DESCRIBE .......................................­.................... تواصل معانا علي الفيس بوك من هنا : https://www.facebook.com/askgad .......................................­.................... تواصل معانا علي موقعنا من هنا : https://www.askgad.com
Views: 3873 Ask Gad
Oracle INSTR Function
 
03:28
https://www.databasestar.com/oracle-instr/ The Oracle INSTR function allows you to search a string for the occurrence of another string, and return the position of the occurrence within a string. It’s helpful for finding if a string exists within another string. It can also be used for performing further string manipulation on, like substrings. The syntax of the INSTR function is: INSTR(string, substring [, start_position [, occurrence]]) These parameters are: string: The text string that is searched in. It’s usually the larger of the two strings. Mandatory. substring: The text to search for. It’s usually the smaller of the two strings. Mandatory. start_position: This is an integer value which indicates where in the string value to start the search. Optional, and the default is 1. occurrence: The occurrence of the substring to search for. Optional, and the default is 1, which means the first occurrence. Also, the searches performed by the INSTR function are case-sensitive. The value returned by INSTR is a number value, which is the number in the location of the string where the substring is found. The first character is 1. For more information about the Oracle INSTR function, including all of the SQL shown in this video and the examples, read the related article here: https://www.databasestar.com/oracle-instr/
Views: 4859 Database Star
concatination operator with select statement Oracle
 
06:48
Oracle / PLSQL: CONCAT Function Description. The Oracle/PLSQL CONCAT function allows you to concatenate two strings together. Syntax. The syntax for the CONCAT function in Oracle/PLSQL is: CONCAT( string1, string2 ) ... Note. See also the || operator. Returns. The CONCAT function returns a string value. Applies To. ... Example. ... Frequently Asked Questions. Oracle Database11g tutorials 6 | | How to use Concatenation operator, character String How to use concatenation operator for combining the output of two or more columns and how to use literal character string This ... Oracle Database11g tutorials 12 || SQL Concat Function - SQL character manipulation function Link for SQL concat function: http://www.rebellionrider.com/SQL-concat-function.htm SQL Concat function/SQL concat() function ... CC CONCAT & PIPE "||" Operators in Oracle | Oracle Tutorials for Beginners Oracle PL/SQL World CONCAT & PIPE "||" Operators in Oracle | Oracle Tutorials for Beginners Oracle Tutorials for Beginners CONCAT Operators in ... SELECT Statement: Concatenation - Oracle PL Programming Languages • Concatenation The usage of SELECT: Sql Training Online - Sql Concatenate • Learn about the Concatenate function in the SQL Language. Visit for 30 more FREE videos. 10:37 Oracle SQL Video Tutorial 5 : Concatenation Operator Just Channel • Oracle SQL Video Tutorials 5 : Concantenation Operator. oracle concat multiple strings concatenate in oracle sql developer concatenation operator in sql server oracle concatenate columns with space oracle concatenate string and number oracle concatenate rows concatenate in oracle sql query
Views: 16 Muo sigma classes
Oracle Database Tutorial 4: Conacatination Operation In Sql
 
04:51
Image result for concatenation in oracle The Oracle CONCAT function allows you to concatenate, or combined, two strings together into one string. In Oracle the concatenation operator concatenate in oracle sql developer oracle concatenate rows oracle concatenate columns with space oracle concatenate rows into string oracle concatenate string and number oracle concat 3 concat in where clause oracle
Concatenate in SQL
 
02:19
How to concatenate in SQL Server
Views: 1099 Amanda Siegel
Ep 6 | Learn Concatenate operator & Alias Name In Oracle |  Urdu/Hindi
 
07:21
How to Use Where concatenate operator In Oracle Sql Dagabase? 03357767519 How to Use Where Alias Name In Oracle Sql Dagabase? In this Video I WIll Teach You What is concatenate operator In Oracle? & How can you Use Where Clause In Oracle SQL Database. What is Alias Name and how to use in Oracle SQL. Online Complete COurse Oracle Development In Urdu/Hindi Online Complete COurse Oracle Development In Hindi/Urdu For More Information COmment Us I will Reply. Plz Like Our Video .. Subscribe Our Channel.. Visit Our Facebook Page and Like : Www.facebook.com/saudiantech Our Website: www.Saudiantech.com Accounts Software Developer Faisalabad 0335-7767519 Oracle Software Developer Faisalabad 0335-7767519 LEarn Oracle 0335-7767519 Learn Oracle Development
Views: 55 Usman Anwar
How to use Concatenation operator in SQL in Hindi
 
05:15
In this video we are continue with SQL chapter 1, And get knowledge about oracle 10g sql part.
Views: 1810 OCP Technology
Oracle SQL Select Statement Part   II with Concat Oprater and Alias
 
09:54
You can rename a table or a column temporarily by giving another name known as alias. The use of table aliases means to rename a table in a particular SQL statement. The renaming is a temporary change and the actual table name does not change in the database. The column aliases are used to rename a table's columns for the purpose of a particular SQL query.
Views: 34 Data Mountain
CONCATENATION OPERATOR, TO_CHAR CURRENCY, MONEY SYMBOL in oracle SQL
 
04:56
How to use concatenation operator, to_char, currency symbol, display money
SQL SERVER TUTORIAL - STRING FUNCTIONS CONCAT(), LEN(), DATALENGTH(), REPLACE()  in HINDI part-3
 
13:35
In this video, You can understand about STRING functions (CONCAT(), LEN(), DATALENGTH(), REPLACE())in SQL with examples
SQL for Concatenate many rows into a single string
 
00:54
SQL code Concatenate many rows into a single text string
Views: 1841 Tutorials_888
Concat Strings in SQL Server using T-SQL - SQL in Sixty Seconds #035
 
00:55
Concatenating string is one of the most common tasks in SQL Server and every developer has to come across it. We have to concat the string when we have to see the display full name of the person from first name and last name. In this video we will see various methods to concatenate the strings. SQL Server 2012 has introduced new function CONCAT which concatenates the strings much efficiently. Read more here: http://bit.ly/YuhjuZ
Views: 11327 Pinal Dave
Oracle SQL Developer Tutorial For Beginners   95   Concatenation
 
02:20
Oracle SQL Developer Tutorial For Beginners Series. This course introduces Oracle SQL Development for its subscribers. Currently this is based on Oracle 12c. The test environment is in Windows 10.
Views: 651 Sam Dhanasekaran
APEX12 of 30: SQL code to concatenate display columns in a dynamic LOV.  APEX does LOV SQL code
 
19:26
APEX 18.1 video 12 of 30: Look at the data model (data dictionary) using SQL Developer and data then decide what additional static and dynamic LOVs are used. Create the LOVs. See how APEX writes the SQL code when you use the “dynamic list of values” interface. See how to combine more than one column in the LOV’s display column. Combining two or more columns is called concatenating a display column. select lname || ', ' || fname || ': ' || pers_ID as display, pers_id as return from persons order by 1; select lname || ', ' || fname || ': ' || persons.pers_ID as display, persons.pers_id as return from persons inner join employees on persons.pers_id = employees.pers_id order by 1; select city || ', ' || state || ' ' || zip as display, zip_id as return from zips order by 1; select name || ', ' || dom_breed || ': ' || animal_id as display, animal_id as return from animals inner join dom_breed_lookup on animals.dom_breed_id = dom_breed_lookup.dom_breed_id order by name;
Views: 414 Jennifer Kreie
PL/SQL Tutorial 2 (Oracle): Concatenate Command
 
01:48
PL/SQL Tutorial 2 (Oracle): Concatenate Command In this tutorial I show you how to use the concatenate command in PL/SQL. Source Code: https://github.com/mitchtabian/SQL-tutorials Subscribe to my Blog and YouTube channel to get notifications when new FREE coding tutorials are posted! Blog: http://www.codingwithmitch.com/
Views: 349 CodingWithMitch
Oracle Database 11g tutorials 5 : How to use Concatenation operator
 
07:27
In this tutorials we will see how to cancate operator or character string using concatenation operator ............. in previous video we discussed about Select statement ... link : https://www.youtube.com/watch?v=EJ_ZOMLX5Uk&t=1s contact : email: [email protected] FB: https://www.facebook.com/Hossain.Misho
SQL CONCAT Function - how to use CONCAT Function
 
01:52
SQL CONCAT function allows you to concatenate strings together. visit Dose for excel Add-In website: http://www.zbrainsoft.com/ Visit our channel: https://www.youtube.com/channel/UCI4bMWYzrBTs47KINXL92Kw
SQL 086 String Scalar Concatenate, || or How can I attach values?
 
02:08
Explains the String Scalar Function Concatenate || or How can I attach values? From http://ComputerBasedTrainingInc.com SQL Course. Learn by doing SQL commands for ANSI Standard SQL, Access, DB2, MySQL, Oracle, PostgreSQL, and SQL Server.
Views: 395 cbtinc
SQL Tutorial - 13: Inserting Data Into a Table From Another Table
 
07:00
In this tutorial we'll learn to use the INSERT Query to copy data from one table into another.
Views: 252322 The Bad Tutorials
Tutorial 8 : SQL CONCAT() Function
 
07:18
Hi Friends! Here we'll learn about CONCAT() function. And what is the difference between Concatenation Operator and CONCAT() Function.
Views: 55 YourSmartCode
Dynamic SQL in Stored Procedure
 
09:32
In this video we will discuss, using dynamic sql in a stored procedure and it's implications from sql injection perspective. We will discuss performance implications of using dynamic sql in a stored procedure in a later video. Text version of the video http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure.html Slides http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure_11.html All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html All SQL Server Tutorial Videos https://www.youtube.com/playlist?list=PL08903FB7ACA1C2FB All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists Consider the following stored procedure "spSearchEmployees". We implemented this procedure in Part 139 of SQL Server tutorial. This stored procedure does not have any dynamic sql in it. It is all static sql and is immune to sql injection. Create Procedure spSearchEmployees @FirstName nvarchar(100) = NULL, @LastName nvarchar(100) = NULL, @Gender nvarchar(50) = NULL, @Salary int = NULL As Begin Select * from Employees where (FirstName = @FirstName OR @FirstName IS NULL) AND (LastName = @LastName OR @LastName IS NULL) AND (Gender = @Gender OR @Gender IS NULL) AND (Salary = @Salary OR @Salary IS NULL) End Go Whether you are creating your dynamic sql queries in a client application like ASP.NET web application or in a stored procedure, you should never ever concatenate user input values. Instead you should be using parameters. Notice in the following example, we are creating dynamic sql queries by concatenating parameter values, instead of using parameterized queries. This stored procedure is prone to SQL injection. Let's prove this by creating a "Search Page" that calls this procedure. Create Procedure spSearchEmployeesBadDynamicSQL @FirstName nvarchar(100) = NULL, @LastName nvarchar(100) = NULL, @Gender nvarchar(50) = NULL, @Salary int = NULL As Begin Declare @sql nvarchar(max) Set @sql = 'Select * from Employees where 1 = 1' if(@FirstName is not null) Set @sql = @sql + ' and FirstName=''' + @FirstName + '''' if(@LastName is not null) Set @sql = @sql + ' and LastName=''' + @LastName + '''' if(@Gender is not null) Set @sql = @sql + ' and Gender=''' + @Gender + '''' if(@Salary is not null) Set @sql = @sql + ' and Salary=''' + @Salary + '''' Execute sp_executesql @sql End Go Add a Web Page to the project that we have been working with in our previous video. Name it "DynamicSQLInStoredProcedure.aspx". Copy and paste the HTML and code available on my blog at the following link http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure.html At this point, run the application and type the following text in the "Firsname" text and click "Search" button. Notice "SalesDB" database is dropped. Our application is prone to SQL injection as we have implemented dynamic sql in our stored procedure by concatenating strings instead of using parameters. ' Drop database SalesDB -- In the following stored procedure we have implemented dynamic sql by using parameters, so this is not prone to sql injecttion. This is an example for good dynamic sql implementation. Create Procedure spSearchEmployeesGoodDynamicSQL @FirstName nvarchar(100) = NULL, @LastName nvarchar(100) = NULL, @Gender nvarchar(50) = NULL, @Salary int = NULL As Begin Declare @sql nvarchar(max) Declare @sqlParams nvarchar(max) Set @sql = 'Select * from Employees where 1 = 1' if(@FirstName is not null) Set @sql = @sql + ' and [email protected]' if(@LastName is not null) Set @sql = @sql + ' and [email protected]' if(@Gender is not null) Set @sql = @sql + ' and [email protected]' if(@Salary is not null) Set @sql = @sql + ' and [email protected]' Execute sp_executesql @sql, N'@FN nvarchar(50), @LN nvarchar(50), @Gen nvarchar(50), @sal int', @[email protected], @[email protected], @[email protected], @[email protected] End Go On the code-behind page, use stored procedure spSearchEmployeesGoodDynamicSQL instead of spSearchEmployeesBadDynamicSQL. We do not have to change any other code. At this point run the application one more time and type the following text in the "Firstname" textbox and click the "Search" button. ' Drop database SalesDB -- Notice "SalesDB" database is not dropped, So in this case our application is not succeptible to SQL injection attack. Summary : Whether you are creating dynamic sql in a client application (like a web application) or in a stored procedure always use parameters instead of concatnating strings. Using parameters to create dynamic sql statements prevents sql injection.
Views: 32341 kudvenkat
Concat Two Strings With / Without Concat Function in Sql Server
 
07:44
Concat String in Sql Server
Views: 10 C Plus+
Oracle Database tutorials 4:  database connectivity using SQL developer and command prompt
 
09:19
Blog Link: http://bit.ly/how-to-create-new-connection-in-sql-developer Wishlist: http://bit.ly/wishlist-amazon This SQL tutorial and Oracle database 11g tutorial for beginners will show how to connect to database either on a local machine or on a machine in your LAN using ip address. Tool used in this tutorial is SQL developer & command prompt. This tutorial series is part of SQL expert exam certification training. If you are preparing for SQL certification you can use my tutorials. This SQL Tutorial is a part of free training. Copy Cloud referral link || Use this link to join copy cloud and get 20GB of free storage https://copy.com?r=j7eYO7 Contacts Email [email protected] Twitter https://twitter.com/rebellionrider Instagram http://instagram.com/RebellionRider Facebook. https://www.facebook.com/imthebhardwaj Linkedin. in.linkedin.com/in/mannbhardwaj/ Thanks for linking, commenting, sharing and watching more of our videos The Code makers
Views: 279075 Manish Sharma
PLSQL Class13 StringFunctions INITCAP LENGTH CONCAT REVERSE
 
09:50
Course : PL SQL Topic : StringFunctions INITCAP LENGTH CONCAT REVERSE (10 m) Here i discussed String Functions Watch till end and add comment about the video like it ! share it !