?
Solved

SQL query question

Posted on 2011-03-06
8
Medium Priority
?
269 Views
Last Modified: 2012-05-11
Hi,
I have the following line of code:
 query = "sp_GetUserLogin '" + userID + "', '" + password + "'";
that I am trying to rewrite like:
query = "sp_GetUserLogin @userID, @password";
but I am getting SqlException was unhandled by user code (Incorrect syntax near ‘sp_GetUserLogin’)
Can someone tell me what is wrong with my code? Thanks!
0
Comment
Question by:avi7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 41

Expert Comment

by:Sharath
ID: 35050012
Can you post some more code. Do you want to pass UserID and Password as parameters to the SP?
0
 
LVL 11

Expert Comment

by:JoeNuvo
ID: 35050997
the way you try to call, still be inline SQL
so, even you want to put the parameter name.
code will be look like this

query = "sp_GetUserLogin @username =  '" + userID + "',  @password = '" + password + "'"; 

Open in new window


if you don't want to do as above, you should give more details, for ex. what is your application language, etc.
0
 

Author Comment

by:avi7
ID: 35053439
It is C# and I was trying to do something like this:

query = "sp_GetUserLogin '" + userID + "', '" + password + "'";
SqlCommand cmd;
cmd = new System.Data.SqlClient.SqlCommand(query, conn);            
cmd.Parameters.AddWithValue("@userID", userID);
cmd.Parameters.AddWithValue("@password", password);

conn.Open();
SqlDataReader reader = cmd.ExecuteReader(System.Data.CommandBehavior.CloseConnection);
 try
            {
                if (reader.HasRows == true)
                {
                    reader.Close();
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Expert Comment

by:lalitgada
ID: 35053634
check the ' syntax.

and if you want to use the aspnetmembership feature then change the logic.
0
 
LVL 9

Assisted Solution

by:kaminda
kaminda earned 320 total points
ID: 35055176
Hi,

You are adding the parameters to the command with

cmd.Parameters.AddWithValue("@userID", userID);
cmd.Parameters.AddWithValue("@password", password);

So you dont have to state in the query, just state the sp name then your code will work. If you like to dynamically call the sp then remove the parameter adding part to command object and use a query such as ;

EXEC sp_GetUserLogin 'userid', 'password'
0
 
LVL 11

Accepted Solution

by:
JoeNuvo earned 600 total points
ID: 35056840
try

query = "EXEC sp_GetUserLogin @userID , @password";
SqlCommand cmd;
cmd = new System.Data.SqlClient.SqlCommand(query, conn);            
cmd.Parameters.AddWithValue("@userID", userID);
cmd.Parameters.AddWithValue("@password", password);

.
.
.

Open in new window

0
 
LVL 2

Assisted Solution

by:EL_Barbado
EL_Barbado earned 80 total points
ID: 35072670
You need to put EXEC in front of the sp_GetUserLogin
0
 

Author Closing Comment

by:avi7
ID: 35142457
Thanks so much!
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question