Solved

sql Parameter error

Posted on 2011-03-24
4
222 Views
Last Modified: 2012-05-11
Hi, I'm using asp.net 3.5 and C#
Please see attached screen shot.  Here is my code
thank you.
public DataSet SelectFromTables(List<string> tableNames)
    {
        DataSet ds = new DataSet();
        foreach (string tableName in tableNames)
        {
            SelectFromATable(tableName, ds);
        }
        return ds;
    }

    private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from @tableName";
        SqlCommand cmd = new SqlCommand(query);
        cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;
        FillDataSet(cmd, tableName, ds);
    }

    private void FillDataSet(SqlCommand cmd, string tableName, DataSet ds)
    {
        SqlConnection con = new SqlConnection(connectionString);
        cmd.Connection = con;
        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        try
        {
            con.Open();
            adapter.Fill(ds, tableName);

        }
        finally
        {
            con.Close();
            con.Dispose();
        }
    }

Open in new window

ado-error.jpg
0
Comment
Question by:lapucca
4 Comments
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 35212817


change the function like this

private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
         FillDataSet(cmd, tableName, ds);
    }
0
 
LVL 8

Accepted Solution

by:
crysallus earned 500 total points
ID: 35212825
Try changing this:

cmd.Parameters.Add(@tableName, SqlDbType.NVarChar);

Open in new window

to this:

cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);

Open in new window

0
 
LVL 19

Expert Comment

by:Rikin Shah
ID: 35212826
try this way-
 
private void SelectFromATable(string tableName, DataSet ds)
    {
        string query = "select * from " + tableName;
        SqlCommand cmd = new SqlCommand(query);
        /*cmd.Parameters.Add("@tableName", SqlDbType.NVarChar);
        cmd.Parameters["@tableName"].Value = tableName;*/
        FillDataSet(cmd, tableName, ds);
    }

Open in new window

0
 

Author Closing Comment

by:lapucca
ID: 35212840
Thank you.  I want to use cmd parameters to avoid sql injection.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Hi all and welcome to my first article on Experts Exchange. A while ago, someone asked me if i could do some tutorials on object oriented programming. I decided to do them on C#. Now you may ask me, why's that? Well, one of the re…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question