I'm trying to replace some old code that runs an SQL query, using C# and ASP.Net. The old code runs an elaborate function to build the query as a string. I'm replacing that with a GridView control and a SqlDataSource. The SqlDataSource contains a query that has two parameters: employee ID (EID) and a time range (DateFilter). This second filter is currently an expression:
and a.end_dt >= Dateadd(m, Datediff(m, 0, Dateadd(m, -1, current_timestamp)), 0)
where the "-1" is really going to be the value of a drop-down control.
The problem: I'm unable to plug in the values for @EID and @DateFilter. If I just put the above code into the SQL query directly, it runs fine, getting results on the last month or so of events. If I try plugging that text into @DateFilter, I get a crash saying "Incorrect syntax near '@DateFilter'."
I'm kind of flying blind here because I can't get access to an EID that has at least one associated record, so I can't confirm whether @EID is even having its value replaced. But @DateFilter looks like it's not being replaced, judging from the syntax error.
The SqlDataSource has a parameter of "OnSelecting="DSTravel_Selecting"", meaning it calls that function just before running the Select statement built into it. The function is meant to do the variable replacements like so:
if(Session["eid"] == null)
{
e.Command.Parameters.Add(new SqlParameter("@EID", "null"));
}
else
{
e.Command.Parameters.Add(new SqlParameter("@EID", Session["eid"]));
}
filter = " " // For debugging. Should be the above-quoted expression.
e.Command.Parameters.Add(new SqlParameter("@DateFilter", filter));
But that function just gives me the "incorrect syntax" error. I have also tried defining the parameters in advance, inside the tag:
<SelectParameters>
<asp:Parameter Name="EID" Type="String" />
<asp:Parameter Name="DateFilter" Type="String" />
</SelectParameters>
But I'm having no more luck with that when I then try to reference those parameters in the C# function. What do I need to do to simply replace the two @ parameters with specific chunks of text determined in a function that runs just before the SQL query runs?
Oh, and the actual query in part is:
SelectCommand="select [various things] from [table] where a.record_locator IS NOT NULL and (a.eid='@EID' or 1=1) @DateFilter order by a.end_date;"
At the moment you Variable @DateFilter
is being treated as a literal string rather than as a part of the sql command, you would need to concatenate this variable into a string and then use system stored procedure sp_executesql
or key word Exec(@SqlQuery)
to execute that string(command) .
A better way would be to use a stored procedure and do all this inside the procedure, you would get much better performance too.
CREATE PROCEDURE my_Proc
@EID VARCHAR(20) = NULL
,@DateFilter DATE = NULL
AS
BEGIN
SET NOCOUNT ON;
Declare @Sql NVARCHAR(MAX);
SET @Sql = N'select [various things]
from [table]
where record_locator IS NOT NULL '
+ CASE WHEN @EID IS NOT NULL
THEN N' AND eid = @EID ' ELSE N''END
+ CASE WHEN @DateFilter IS NOT NULL
THEN N' AND end_dt >= Dateadd(m, Datediff(m, 0, Dateadd(m, -1, current_timestamp)), 0)'
ELSE N'' END
+ N' order by a.end_date;'
Exec sp_executesql @Sql
,N'@EID VARCHAR(20)'
,@EID
END
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.