QueryFirst使用Dapper失败
[英]QueryFirst fails using Dapper
问题描述
I'm using Dapper and I'm calling QueryFirst method that returns the following error: 
我正在使用Dapper,并且正在调用QueryFirst方法,该方法返回以下错误:
ERROR [42000] [Microsoft][SQL Server Native Client 10.0][SQL Server]Must declare the scalar variable \\"@NombreDivision\\
public static int GetSegmentoDivision(string division)
{
int res = -1;
try
{
string query = "SELECT [SEGMENTID] FROM [ACCESSCONTROL].[dbo].[SEGMENT] WHERE [NAME] = (SELECT SEGMENTO FROM M4_DIVISION_SEGMENTO WHERE DIVISION = @NombreDivision)";
res = _odbc.QueryFirst<int>(query, new { NombreDivision = division });
}
catch (Exception ex)
{
LogHelper.Log(ex.ToString());
}
return res;
}
I cannot find what is it that I´m doing wrong. 我找不到我做错了什么。 I even have other similar queries that are working. 我什至还有其他类似的查询正在运行。 Can anyone help me out with this one?. 谁能帮我解决这个问题?
Thanks. 谢谢。
EDIT: I´m using OdbcConnection not sure if that helps. 编辑:我正在使用OdbcConnection不确定是否有帮助。
1 个解决方案
解决方案1
0 2017-10-19 19:31:33
I already found the problem. 我已经发现问题了。 It seems that OdbcConnection does not accept parametrized queries using '@' for preceding the parameters. 似乎OdbcConnection不接受使用'@'作为参数前面的参数化查询。 Instead you have to use '?'. 相反,您必须使用'?'。 And then send the parameters in the strict same order as they are expected to be replaced on the string. 然后按照与期望在字符串上替换的严格相同的顺序发送参数。
The solution I found was to send the value right into the query. 我发现的解决方案是将值直接发送到查询中。 This is nor reccomended tho. 这也是不建议的。 But in my case I just control all the flow of the application so this solution was not Sql Injection vulnerable. 但就我而言,我只控制应用程序的所有流程,因此该解决方案不受Sql Injection的影响。
More information: 更多信息:
https://stackoverflow.com/a/16481004/637840 https://stackoverflow.com/a/16481004/637840
https://stackoverflow.com/a/43651335/637840 https://stackoverflow.com/a/43651335/637840
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.