
Update with column name by parameter

How can I pass a column name by parameter? An example follows:

    DataTable dt = new DataTable();

    // Here I fill my datatable

    for (int i = 0; i < dt.Rows.Count; i++)
    {
        for (int j = 0; j < dt.Columns.Count; j++)
        {
            string columnsname = dt.Rows[i][dt.Columns[j].ToString()].ToString();
            SqlCommand comando = new SqlCommand();
            // @columnname is bound as a value here, not as an identifier
            comando.CommandText = "UPDATE Sales.Store SET @columnname = @demographics where id = @id";
            comando.Parameters.Add(new SqlParameter("@columnname", columnsname));
            // the statement names @demographics and @id, but only @dados2 is bound
            comando.Parameters.Add(new SqlParameter("@dados2", dados2));
            comando.ExecuteNonQuery();
            comando.Parameters.Clear();
            comando.Dispose();
        }
    }

This doesn't work, but I have 88 columns, and I need to update all the data in all 88 columns in each row.

You cannot parameterize column names.

To do what you want you will need to resort to dynamic SQL.

I have figured out a workaround for parametrized column names. I had the same problem but came up with a different way, and since I would be the only one using the column names, I believe this is still a safe bet.

            String sqlcomm = "SELECT * FROM Asset WHERE " + assetColName + " = ";
            command.CommandText = sqlcomm + "$assetColValue";

            //command.CommandText = @"SELECT * FROM Asset WHERE $assetColName = '$assetColValue'";
            //command.Parameters.AddWithValue("$assetColName", assetColName);

            command.Parameters.AddWithValue("$assetColValue", assetColValue);

As you can see from the code above, I tried almost what you did, which I then had to comment out. I then concatenated the strings together and was able to use my parametrized column name and value, with the value securely added. The column name, however, is not secured, but this is a method that only I will be using, so it's still somewhat safe. You can add regular expressions if you want to be more secure, but you get the idea of the fix.

Just concatenate the SQL string:

    "UPDATE Contracts set " + columnName + " = @columnValue where ID = @ID"

Where column name is a string that represents a column in the table.
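
An added example, not code from any of the posts above: one way to build the dynamic SQL the answers describe while keeping the column name off the untrusted path, by checking it against a fixed allowlist and quoting it, with the values still bound as parameters. The allowlist entries, the `StoreUpdater` and `BuildUpdate` names, and the sample values are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class StoreUpdater
{
    // Assumed allowlist; the real set would be the table's own column names.
    static readonly HashSet<string> Updatable =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Name", "Demographics" };

    // Returns a command whose column name comes from the allowlist and whose
    // values are bound as parameters; anything else is rejected before SQL is built.
    public static SqlCommand BuildUpdate(string column, object value, int id)
    {
        if (!Updatable.Contains(column))
            throw new ArgumentException("Column not allowed: " + column, nameof(column));

        // QuoteIdentifier wraps the name in [ ] and doubles any ']' inside it.
        string quoted = new SqlCommandBuilder().QuoteIdentifier(column);

        var cmd = new SqlCommand(
            "UPDATE Sales.Store SET " + quoted + " = @value WHERE id = @id");
        cmd.Parameters.AddWithValue("@value", value ?? DBNull.Value);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input; no connection is opened here.
        using (var ok = BuildUpdate("Demographics", "<survey/>", 292))
            Console.WriteLine(ok.CommandText);

        try
        {
            // Constructed string that is not a column name: rejected by the allowlist.
            BuildUpdate("Name = Name --", "ignored", 292);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```

To execute the returned command, assign an open `SqlConnection` to its `Connection` property before calling `ExecuteNonQuery()`.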

Well, if you have 30,000 rows with 88 columns, and you need to update all 88 columns, you probably want to rethink your database schema.

Itay.
