?
Solved

sql Parameter error

Posted on 2011-03-24
4
Medium Priority
?
226 Views
Last Modified: 2012-05-11
Hi, I'm using asp.net 3.5 and C#
Please see attached screen shot.  Here is my code
thank you.
public DataSet SelectFromTables(List<string> tableNames)
    {
        DataSet ds = new DataSet();
        foreach (string tableName in tableNames)
        {
            SelectFromATable(tableName, ds);
        }
        return ds;
    }

    private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from @tableName";
        SqlCommand cmd = new SqlCommand(query);
        cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;
        FillDataSet(cmd, tableName, ds);
    }

    private void FillDataSet(SqlCommand cmd, string tableName, DataSet ds)
    {
        SqlConnection con = new SqlConnection(connectionString);
        cmd.Connection = con;
        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        try
        {
            con.Open();
            adapter.Fill(ds, tableName);

        }
        finally
        {
            con.Close();
            con.Dispose();
        }
    }

Open in new window

ado-error.jpg
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 35212817


change the function like this

private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
         FillDataSet(cmd, tableName, ds);
    }
0
 
LVL 8

Accepted Solution

by:
crysallus earned 2000 total points
ID: 35212825
Try changing this:

cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);

Open in new window

to this:

cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);

Open in new window

0
 
LVL 19

Expert Comment

by:Rikin Shah
ID: 35212826
try this way-
 
private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
        /*cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;*/
        FillDataSet(cmd, tableName, ds);
    }

Open in new window

0
 

Author Closing Comment

by:lapucca
ID: 35212840
Thank you.  I want to use cmd parameters to avoid sql injection.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month12 days, 23 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question