stackoom
  简体   繁体   中英

Parameter.addwithvalue function error

 原文  2014-07-01 12:50:21       c#/ sql/ string/ object/ ado.net

Question

    public static bool dataMatch(string data, string tableName, string column)
    {
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = new SqlConnection(CnnStr);//connection string has been applied to CnnStr


        cmd.CommandText = "SELECT * FROM [@tableName] WHERE [@column]=[@data]";
        cmd.Parameters.Add("@tableName",tableName);
        cmd.Parameters.AddWithValue("@column", (column as Object).ToString());
        cmd.Parameters.AddWithValue("@data", (data as Object).ToString());

        cmd.Connection.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            dr.Close();
            cmd.Connection.Close();
            return true;
        }
        dr.Close();
        cmd.Connection.Close();
        return false;
    }

HELLO

the error i get is:

SqlException was unhandled by user code invalid object name @tableName

i think the problem is that the args of 2nd parameter of the AddWithValue funcs are strings, and they have to be object type, so i tried to convert the 2nd string parameters of the addwithvalue func to Object or object but get the same errors

2 answers

solution1
 4 ACCPTED  2014-07-01 12:52:56

You can't parameterized your column names or table names.

You only parameterize your values . That's why you can't use @tableName and @column as a parameter. You can fix them specifying the table name and column name as part of the SQL.

Your code is a valid syntax for C#, but it is not a valid SQL.

It is a poor solution but if you really want to use them, take a look at dynamic SQL.

Also use using statement to dispose your SqlConnection , SqlCommand and SqlDataReader as well. 

using(SqlConnection con = new SqlConnection(CnnStr))
using(SqlCommand cmd = con.CreateCommand())
{
    cmd.CommandText = "SELECT * FROM " + tableName + " WHERE " + column.ToString() + "=@data";
    cmd.Parameters.Add("@data", data.ToString());
    using(SqlDataReader dr = cmd.ExecuteReader())
    {
        //
    }
}

solution2
 -1  2014-07-01 12:59:45

You can acheive this by the following method. 

 public static bool dataMatch(string data, string tableName, string column)
    {
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = new SqlConnection(CnnStr);//connection string has been applied to CnnStr


        cmd.CommandText = "SELECT * FROM '"+tableName+"' WHERE [@column]=[@data]";

        cmd.Parameters.AddWithValue("@column", (column as Object).ToString());
        cmd.Parameters.AddWithValue("@data", (data as Object).ToString());

        cmd.Connection.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            dr.Close();
            cmd.Connection.Close();
            return true;
        }
        dr.Close();
        cmd.Connection.Close();
        return false;
    }

Concatenate table name in the query instead of passing as parmater.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Parameter.addwithvalue - ExecuteReader: CommandText property has not been initialized how do I debug SqlCommand Parameter.AddWithValue error with addwithvalue sql parameter update function (AddWithValue parameter included) won't work Stored Procedure Parameter with AddWithValue() Exception when AddWithValue parameter is NULL SqlCommand.Parameters.AddWithValue issue: Procedure or function X expects parameter @Y, which was not supplied C# and MySQL error using Paramters.AddWithValue returns parameter denotations Sql Client AddWithValue null parameter without @ sign C# ASP.Net Parameters.AddWithValue rejecting null value for parameter
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM