Query with parameters in C# (using SQL Server)
I have a problem with a query in C#.
I have this part of code:
string query1 = @"
SELECT TOP @howManyRows * FROM
(
SELECT
PRODUCTCODE_.ID_ AS PRODUCTCODE_ID_,
PRODUCTCODE_.CATEGORY_ AS CATEGORY_,
PRODUCTCODE_.DESCRIPTION_ AS DESCRIPTION_,
PRODUCTCODE_.MANUFACTURER_ AS MANUFACTURER_,
PRODUCTLINE_.CREATION_DATE_ AS CREATION_DATE_,
ROW_NUMBER() OVER (ORDER BY PRODUCTCODE_.CATEGORY_) AS ROWNUMBER_,
TOTALROWS_ = COUNT(*) OVER()
FROM
PRODUCTCODE_
INNER JOIN
PRODUCTLINE_ ON PRODUCTLINE_.ID_ = PRODUCTCODE_.PRODUCTLINE_ID_
) _tmpList
WHERE
ROWNUMBER_ >= @startingWith
ORDER BY CATEGORY_
";
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@howManyRows";
param1.Value = resultPerPage; //`resultPerPage` is an integer function parameter
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@startingWith";
param2.Value = startsWith; //`startsWith` is an integer function parameter
SqlCommand cmd = new SqlCommand( query1, connect );
cmd.Parameters.Add( param1 );
cmd.Parameters.Add( param2 );
When debugging reaches
SqlDataReader reader = cmd.ExecuteReader();
then the exception is thrown:
Incorrect syntax near @howManyRows ...
Why? I defined and added howManyRows with the Parameters property.
Where is my mistake?
Change your top query syntax from
SELECT TOP @howManyRows * FROM
to
SELECT TOP (@howManyRows) * FROM
Try wrapping the parameter specified next to TOP in parentheses, like this:
SELECT TOP (@howManyRows) * FROM
You need parentheses to parameterize TOP
SELECT TOP (@howManyRows) * FROM
This will work.
SELECT * FROM
(
SELECT
PRODUCTCODE_.ID_ AS PRODUCTCODE_ID_,
PRODUCTCODE_.CATEGORY_ AS CATEGORY_,
PRODUCTCODE_.DESCRIPTION_ AS DESCRIPTION_,
PRODUCTCODE_.MANUFACTURER_ AS MANUFACTURER_,
PRODUCTLINE_.CREATION_DATE_ AS CREATION_DATE_,
ROW_NUMBER() OVER (ORDER BY PRODUCTCODE_.CATEGORY_) AS ROWNUMBER_,
TOTALROWS_ = COUNT(*) OVER()
FROM
PRODUCTCODE_
INNER JOIN
PRODUCTLINE_ ON PRODUCTLINE_.ID_ = PRODUCTCODE_.PRODUCTLINE_ID_
) _tmpList
WHERE
-- BETWEEN is inclusive at both ends, hence the - 1
ROWNUMBER_ between @startingWith and (@startingWith + @howManyRows - 1)
ORDER BY CATEGORY_
You need to add a couple of parentheses to make it work.
SELECT TOP (@howManyRows) * FROM
You can do
SELECT TOP (@howManyRows) * FROM
But this really depends on the database server you are using. For example, this is only supported from MSSQL Server 2005 upwards.
If this does not work you can do the following...
You can include this in your query string. But this can result in SQL injection if you don't check the value of your variable.
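int top;
// Int32.TryParse sets `top` to 0 when parsing fails, so restore the default of 10 explicitly
if (!Int32.TryParse(howManyRows.ToString(), out top))
    top = 10;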
string query1 = "SELECT TOP " + top.ToString() + @" * FROM
(
SELECT
PRODUCTCODE_.ID_ AS PRODUCTCODE_ID_,
PRODUCTCODE_.CATEGORY_ AS CATEGORY_,
PRODUCTCODE_.DESCRIPTION_ AS DESCRIPTION_,
PRODUCTCODE_.MANUFACTURER_ AS MANUFACTURER_,
PRODUCTLINE_.CREATION_DATE_ AS CREATION_DATE_,
ROW_NUMBER() OVER (ORDER BY PRODUCTCODE_.CATEGORY_) AS ROWNUMBER_,
TOTALROWS_ = COUNT(*) OVER()
FROM
PRODUCTCODE_
INNER JOIN
PRODUCTLINE_ ON PRODUCTLINE_.ID_ = PRODUCTCODE_.PRODUCTLINE_ID_
) _tmpList
WHERE
ROWNUMBER_ >= @startingWith
ORDER BY CATEGORY_
";
Use the SELECT TOP (@howManyRows) syntax.
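An added example, not code from the original thread: a complete paging method that keeps both values as typed INT parameters with `TOP (@howManyRows)`, so no string concatenation is needed. The `ProductPaging` class, the `GetPage` method, the `MaxPageSize` limit and the shortened column list are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProductPaging
{
    // Assumed upper bound on page size; not from the original post.
    const int MaxPageSize = 200;

    // Returns one page of rows. Both paging values travel as typed INT
    // parameters, so no caller-supplied text ever becomes part of the SQL.
    public static DataTable GetPage(SqlConnection connect, int resultPerPage, int startsWith)
    {
        // Clamp instead of trusting the caller: TOP rejects negative values,
        // and an unbounded page size lets one request pull the whole table.
        int howManyRows = Math.Min(Math.Max(resultPerPage, 1), MaxPageSize);
        int startingWith = Math.Max(startsWith, 1);

        const string sql = @"
SELECT TOP (@howManyRows) * FROM
(
    SELECT
        PRODUCTCODE_.ID_ AS PRODUCTCODE_ID_,
        PRODUCTCODE_.CATEGORY_ AS CATEGORY_,
        ROW_NUMBER() OVER (ORDER BY PRODUCTCODE_.CATEGORY_) AS ROWNUMBER_
    FROM PRODUCTCODE_
) _tmpList
WHERE ROWNUMBER_ >= @startingWith
ORDER BY CATEGORY_";

        using (SqlCommand cmd = new SqlCommand(sql, connect))
        {
            // Explicit SqlDbType.Int avoids type inference from a boxed value.
            cmd.Parameters.Add("@howManyRows", SqlDbType.Int).Value = howManyRows;
            cmd.Parameters.Add("@startingWith", SqlDbType.Int).Value = startingWith;

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                DataTable page = new DataTable();
                page.Load(reader);
                return page;
            }
        }
    }
}
```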