[英]unexpected error when trying to execute stored procedure
I get the following exception when i try to execute specific stored procedure : 当我尝试执行特定的存储过程时,出现以下异常:
Input string was in incorrect format
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
return DAL_Helper.Return_DataTable(sQuery.ToString());
I debug and make sure all the parameters are intger
. 我调试并确保所有参数都是intger
。
public DataTable Return_DataTable(string cmdText)
{
Open_Connection();
DataTable dt = new DataTable();
command.CommandText = cmdText;
command.CommandType = CommandType.Text;
command.Connection = connection;
try
{
dt.Load(command.ExecuteReader());
}
catch (IfxException ifxEx)// Handle IBM.data.informix : mostly catched
{
ErrMapping.WriteLog("\r\n Error Code: " + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
throw new Exception("ERROR:" + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
}
catch (Exception ex)// Handle all other exceptions.
{
ErrMapping.WriteLog("\r\n Error Message: " + ex.Message);
throw new Exception("\r\n Error Message: " + ex.Message);
}
finally
{
Close_Connection();
}
return dt;
}
public DataTable Return_DataTable(string cmdText, CommandType cmdType, Dictionary<string, string> Param_arr)
{
Open_Connection();
int return_val = -1;
DataTable dt = new DataTable();
command.CommandText = cmdText;
command.CommandType = cmdType;
if (cmdType == CommandType.StoredProcedure)
{
if (Param_arr != null)
{
command.Parameters.Clear();
if (Param_arr.Count > 0)
{
for (IEnumerator<KeyValuePair<string, string>> enumerator = Param_arr.GetEnumerator(); enumerator.MoveNext(); )
{
param = command.CreateParameter();
param.ParameterName = enumerator.Current.Key.ToString();
param.Value = enumerator.Current.Value.ToString();
command.Parameters.Add(param);
}
}
}
}
IfxDataReader dr2;
try
{
dr2 = command.ExecuteReader();
dt.Load(dr2);
}
catch (IfxException ifxEx)// Handle IBM.data.informix : mostly catched
{
ErrMappingForInformix.WriteLog("\r\n Error Code: " + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
throw new Exception("ERROR:" + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
}
catch (Exception ex)// Handle all other exceptions.
{
ErrMappingForInformix.WriteLog("\r\n Error Message: " + ex.Message);
throw new Exception("\r\n Error Message: " + ex.Message);
}
finally
{
Close_Connection();
}
return dt;
}
How about this: 这个怎么样:
command.CommandText = "get_department";
command.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("dep_code", dep_code));
cmd.Parameters.Add(new SqlParameter("emp_code", emp_code));
cmd.Parameters.Add(new SqlParameter("batch_code", batch_code));
Take a look at the different examples in this article (and more specifically: Listing 4. Executing a stored procedure with a parameter ). 看一看在不同的示例中此文章 (并且更具体地: 清单4.执行存储过程用参数 )。
The following line of code: 下面的代码行:
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
is like a desperate attempt to break everything and vulnerable to SQL injection. 就像是一次绝望的尝试来破坏一切并容易受到SQL注入的攻击。 Never use string concatenations when building your SQL queries. 构建SQL查询时, 切勿使用字符串连接。
AS I know you don't need to write 'procedure' and brackets: 据我所知,您无需编写“过程”和方括号:
"EXECUTE get_department" + dep_code + "," + emp_code + "," + batch_code
http://msdn.microsoft.com/en-us/library/ms188332.aspx http://msdn.microsoft.com/en-us/library/ms188332.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.