[英]Procedure or function expects parameter , which was not supplied
过程或函数“登录”需要未提供的参数“ @Abc”
经过4个小时的搜索和尝试,没有使用我已经提供了此参数(复制/粘贴),并且赋予过程的参数数量与过程和顺序相同。
@Abc是输出参数。
存储过程定义:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER proc [dbo].[login]
(
@Abc int output,
@firstname varchar(255) output,
@lastname varchar(255) output,
@Email varchar(255),
@pass varchar(255)
)
As
begin
if not exists (select Email from user_1 where email=@email)
select @Abc = 0
else begin
if not exists (
select Email from user_1 where email =@Email and password = @pass
)
select @Abc = 1
else
select @Abc = 2,@firstname = u.first_name ,@lastname=u.last_name from user_1 u where u.email = @email
end
end
调用存储过程的代码:
myCon.Open();
TextBox username = UserName;
TextBox password = Password;
SqlCommand myCommand = new SqlCommand("login", myCon);
SqlParameter count= myCommand.Parameters.Add("@Abc", SqlDbType.Int);
count.Direction = ParameterDirection.Output;
SqlParameter fnp = myCommand.Parameters.Add("@firstname", SqlDbType.VarChar,255);
fnp.Direction = ParameterDirection.Output;
SqlParameter lnp = myCommand.Parameters.Add("@lastname", SqlDbType.VarChar, 255);
lnp.Direction = ParameterDirection.Output;
myCommand.Parameters.AddWithValue("@Email",username.Text);
myCommand.Parameters.AddWithValue("@pass", password.Text);
myCommand.ExecuteNonQuery();
myCon.Close();
您已省略:
myCommand.CommandType = CommandType.StoredProcedure;
因此,发送到数据库的命令是恶意的sp_executeSQL
调用,而不是所需的exec login
仅供参考,语法也较短:
myCommand.Parameters.Add("@Abc", SqlDbType.Int).Direction = ParameterDirection.Output;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.