[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

sql Parameter error

Posted on 2011-03-24
4
Medium Priority
?
228 Views
Last Modified: 2012-05-11
Hi, I'm using asp.net 3.5 and C#
Please see attached screen shot.  Here is my code
thank you.
public DataSet SelectFromTables(List<string> tableNames)
    {
        DataSet ds = new DataSet();
        foreach (string tableName in tableNames)
        {
            SelectFromATable(tableName, ds);
        }
        return ds;
    }

    private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from @tableName";
        SqlCommand cmd = new SqlCommand(query);
        cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;
        FillDataSet(cmd, tableName, ds);
    }

    private void FillDataSet(SqlCommand cmd, string tableName, DataSet ds)
    {
        SqlConnection con = new SqlConnection(connectionString);
        cmd.Connection = con;
        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        try
        {
            con.Open();
            adapter.Fill(ds, tableName);

        }
        finally
        {
            con.Close();
            con.Dispose();
        }
    }

Open in new window

ado-error.jpg
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 35212817


change the function like this

private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
         FillDataSet(cmd, tableName, ds);
    }
0
 
LVL 8

Accepted Solution

by:
crysallus earned 2000 total points
ID: 35212825
Try changing this:

cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);

Open in new window

to this:

cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);

Open in new window

0
 
LVL 19

Expert Comment

by:Rikin Shah
ID: 35212826
try this way-
 
private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
        /*cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;*/
        FillDataSet(cmd, tableName, ds);
    }

Open in new window

0
 

Author Closing Comment

by:lapucca
ID: 35212840
Thank you.  I want to use cmd parameters to avoid sql injection.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question