OleDBException未处理：查询中的语法错误（不完整的查询子句）

Question

I'm trying to execute a very simple SQL statement on an Access database through C#.

The statement is something like this:

select M_PASSWORD from TB_USERS where M_USERNAME = 'myuser'

and this is the C# code I'm using to execute the SQL statement:

string connString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + sources.global_variables.db_source;
using (OleDbConnection connection = new OleDbConnection(connString))
{
    connection.Open();
    OleDbDataReader reader = null;
    OleDbCommand command = new OleDbCommand("SELECT @1 from @2 WHERE @3='@4'", connection);
    command.Parameters.AddWithValue("@1", db_column);
    command.Parameters.AddWithValue("@2", db_table);
    command.Parameters.AddWithValue("@3", db_where_column);
    command.Parameters.AddWithValue("@4", db_where_value);
    reader = command.ExecuteReader();
    //rest of code

Once I get to the line reader = command.ExecuteReader(); , the reader fails the execution of the query giving me the following error message: OleDBException was unhandled: Syntax error in query (Incomplete query clause) . I've debugged the code to see if I could see any wrong assignment in the parameters values, but they look fine.

Moreover, executing the exact same query on the Query Analyzer of the Database, I retrieve the value I want.

Could anyone give a tip to spot the problem and understand where I'm wrong?

Answer 1

I think you cant pick column names as parameter such that. It might be the problem.

Use if statement or other conditional statements for parameter and move your query to inside of your conditional statement.

Answer 2

I don't believe that parameters can be used in the fashion you posted. Parameters are used for filling in values (ie, placing a DateTime value into an update statement as the value of a DateTime column to be updated in a table).

Try changing your code such that the column names and table names are provided in text or are filled in as a string. You can build the query string up if you want to fill in different column names, different table names, and different column names in your where clause. So instead of what you posted, try something more like this:

string connString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + sources.global_variables.db_source;
using (OleDbConnection connection = new OleDbConnection(connString))
{
    connection.Open();
    OleDbDataReader reader = null;
    string strQuery = "SELECT " + constStringColumnName1 + " FROM " + theTableNamePassedInAsString + " WHERE " + strWhereClauseBuiltEarlierInThisFunction + " = '@1'";
    OleDbCommand command = new OleDbCommand( strQuery , connection);
    command.Parameters.AddWithValue("@1", db_where_value);
    reader = command.ExecuteReader();
    //rest of code
}

Of course, you could format the string and plug in your changing selection column name, your table name, and your where clause. Build your select/command string, then use Parameters to fill in the actual value is the normal usage.

Answer 3

Try remove the ' on where parameter and use ? insted of @ like that

OleDbCommand command = new OleDbCommand("SELECT ? from ? WHERE ?=?", connection);
command.Parameters.AddWithValue("column", db_column);
command.Parameters.AddWithValue("table", db_table);
command.Parameters.AddWithValue("where_column", db_where_column);
command.Parameters.AddWithValue("where_value", db_where_value);

I dont know if you can use parameters on column name. If it won´t running try to execute the query without parameters using concat and only use parameters on where value