将整数数组传递给SQL Server存储过程
[英]Pass integer array to the SQL Server stored procedure
问题描述
Well this well answered question however I can't get it right for me. 
好吧,这个很好回答的问题,但是我无法解决。 What I am trying to do call a stored procedure from .NET Core project using Entity Framework with some parameters. 我正在尝试使用带有某些参数的Entity Framework从.NET Core项目中调用存储过程。 One of those parameter should be array (which I consider table type in SQL Server by create a custom table data type) type. 这些参数之一应该是数组(我通过创建自定义表数据类型来考虑SQL Server中的表类型)类型。 I followed this Stackoverflow link . 我遵循了这个Stackoverflow链接 。 But got an error when I tried to execute my SQL command. 但是当我尝试执行SQL命令时出现错误。
Here is my code: 这是我的代码:
DataTable dt = new DataTable();
dt.Columns.Add("ID", typeof(int));
foreach (var section in model.VMSectionIds) //model.VMSectionIds contains set of integers
{
dt.Rows.Add(section);
}
and finally I call stored procedure like this: 最后,我这样调用存储过程:
var sectiolist = new SqlParameter("@Sections", SqlDbType.Structured)
{
TypeName = "[dbo].[SectionList]",
Value = dt
};
_db.ExecuteSqlCommand("EXEC [SP_GenerateRegularEmployeeSalary] "+mastermodel.ID+","+ fromdate + "," + todate + ",1," + sectiolist + ""); //don't worry I took care of SQL injection for others parameter
But this execution throws an exception 但是此执行引发异常
SqlException: Must declare the scalar variable "@Sections"
I can't figure it out where exact problem is. 我不知道确切的问题在哪里。 Here call of stored procedure (with some static test parameter) from SQL for clear understanding of my stored procedure call mechanism: 这里从SQL调用存储过程(带有一些静态测试参数)以清楚地了解我的存储过程调用机制:
DECLARE @data [SectionList]
INSERT @data (Id) VALUES (2, 3)
EXEC [SP_GenerateRegularEmployeeSalary] 2,'20190401','20190430','1',@data
2 个解决方案
解决方案1
1 2019-06-08 06:34:22
he using ExecuteSqlCommand incorrectly. 他错误地使用了ExecuteSqlCommand。 he should not used string concatenation to avoid SQL Injection attacks in th application 他不应该使用字符串连接来避免应用程序中的SQL注入攻击
_db.ExecuteSqlCommand("EXEC SP_GenerateRegularEmployeeSalary @YOUR_PARAM_ON_STOREPROCEDURE", sectiolist); _db.ExecuteSqlCommand(“ EXEC SP_GenerateRegularEmployeeSalary @YOUR_PARAM_ON_STOREPROCEDURE”,教员);
解决方案2
1 已采纳 2019-06-08 07:06:36
Looks that you are using the ExecuteSqlCommand incorrectly. 看起来您在错误地使用ExecuteSqlCommand 。 Try this way and don't use string concatenation in your code to avoid SQL Injection attacks in your application. 尝试这种方式,不要在代码中使用字符串连接,以避免应用程序中的SQL Injection攻击。 Read more about it here . 在此处了解更多信息。
Also put the correct expected parameter names from the stored procedure: SP_GenerateRegularEmployeeSalary . 还要从存储过程中输入正确的预期参数名称: SP_GenerateRegularEmployeeSalary 。
Option 1 选项1
_db.ExecuteSqlCommand("EXEC [SP_GenerateRegularEmployeeSalary] @ID, @FromDate, @ToDate, @Flag, @Sections",
new SqlParameter("@ID", mastermodel.ID),
new SqlParameter("@FromDate", fromdate),
new SqlParameter("@ToDate", todate),
new SqlParameter("@Flag", 1),
new SqlParameter("@Sections", sectiolist));
Option 2 选项2
_db.ExecuteSqlCommand("EXEC [SP_GenerateRegularEmployeeSalary] @ID = {0}, @FromDate = {1}, @ToDate = {2}, @Flag = 1, @Sections = {4}", mastermodel.ID, fromdate, todate, sectiolist);
Please read this documentation about this method. 请阅读有关此方法的本文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.