stackoom
  简体   繁体   中英

Can't retrieve a specific item from a dataset

 原文  2012-11-17 18:40:50       c#/ .net/ ado.net/ dataset

Question

I've looked through the other questions related to this, but I'm having a different issue. I can't get a specific item to return, it only returns my column name. How do I get the item to return?

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    string strSQL = "SELECT @FieldName FROM Companies WHERE CompanyNum = @CompanyNum";
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

    conn.Close();

    return ds.Tables[0].Rows[0].ItemArray[0].ToString();
}

I've also tried

return ds.Tables[0].Rows[0][0].ToString();

I'm just getting whatever is in the field variable. If I pass in ("CompanyName", 33), it returns "CompanyName".

1 answers

solution1
 3 ACCPTED  2012-11-17 18:47:13

Your query (in sql profiler) is

SELECT 'CompanyName' FROM Сompanies WHERE СompanyNum = 33

So it returns exactly "CompanyName" string. You cannot pass column name as sqlparameter. You should do something like

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    string strSQL = string.Format("SELECT {0} FROM Companies WHERE CompanyNum = @CompanyNum", field);
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

   conn.Close();

   return ds.Tables[0].Rows[0].ItemArray[0].ToString();
}

But this code can be used for SQL injection.

To avoid Sql injection, you could check that fieldName in field variable is one of the table columns.

Or You could get SELECT * FROM Сompanies WHERE СompanyNum = @CompanyNum and get value of named column from datatable:

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    string strSQL = "SELECT * FROM Companies WHERE CompanyNum = @CompanyNum";
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

   conn.Close();

   return ds.Tables[0].Rows[0][field].ToString();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Retrieve a specific item from an adapter? How to retrieve specific column from the dataset? Why can't I retrieve an item from a HashSet without enumeration? How to retrieve actual item from HashSet<T>? Retrieve data from dataset can't delete twice from a dataset Can't retrieve image from clipboard Can't retrieve data from EF database Can't retrieve data from list<keyvaluepair> Android Slider - can we retrieve attributes from the Item XML?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM