Solved

parameterized query, mssql and c#

Posted on 2013-01-25
2
526 Views
Last Modified: 2013-01-31
I am trying to work out my stored procedure to build and open a dynamic parameterized query.

it is called as:
List<object> parm = new List<object>();
parm.add(aName);
dbRoutines.getDataSet("select * from sales where company = ?", parm);

Open in new window


but it keeps blowing up, because I can't seem to get it quite right
   public static DataSet GetDataSet(string mySQL, List<Object> parms)
   {
	  SqlDataAdapter sqlDa = new SqlDataAdapter();
	  DataSet sqlDs = new DataSet();
	  using (SqlConnection sqlConn =

	  new SqlConnection("Context Connection=True"))
	  {
	     SqlCommand sqlCmd = new SqlCommand("SET NOCOUNT ON; "  + mySQL, sqlConn);
		  sqlCmd.CommandType = CommandType.Text;         
        sqlDa.SelectCommand = sqlCmd;
        for (int x = 0; x <= parms.Count - 1; x++)
        {
           sqlCmd.Parameters.AddWithValue(x.ToString(), parms[x]); --- this one results in 'incorrect syntax near ?'
           //sqlCmd.Parameters[x].Value = parms[x];//this one results in 'Invalid index 0 for this SqlParameterCollection with Count=0'.
         //sqlCmd.Parameters.Add(new SqlParameter("@" + x.ToString(), parms[x]))  --- this one also results in 'incorrect syntax near ?'
       
        }

        try
        {
		     sqlDa.Fill(sqlDs, "TABLE");
        }

        catch(Exception Ex)
        {
           SqlContext.Pipe.Send("Error retrieving record " + Ex.GetType().ToString() + " " + Ex.Message);
           SqlContext.Pipe.Send(mySQL);
         }
         finally
         {
			   sqlConn.Close();
         }
	  }
     if ((sqlDs.Tables == null) ||
         (sqlDs.Tables["Table"] == null) ||
         (sqlDs.Tables.Count == 0))
        return null;
     else
	     return sqlDs;
   }

Open in new window

so now I'm stuck, because parameterized queries are def. needed.
0
Comment
Question by:ccMcBride
2 Comments
 
LVL 3

Accepted Solution

by:
contactnaeem earned 200 total points
ID: 38821698
change ? with @param1
List<object> parm = new List<object>();
parm.add(aName);
dbRoutines.getDataSet("select * from sales where company = @param1", parm);


public static DataSet GetDataSet(string mySQL, List<Object> parms)
   {
        SqlDataAdapter sqlDa = new SqlDataAdapter();
        DataSet sqlDs = new DataSet();
        using (SqlConnection sqlConn =

        new SqlConnection("Context Connection=True"))
        {
           SqlCommand sqlCmd = new SqlCommand("SET NOCOUNT ON; "  + mySQL, sqlConn);
              sqlCmd.CommandType = CommandType.Text;        
        sqlDa.SelectCommand = sqlCmd;
        for (int x = 0; x <= parms.Count - 1; x++)
        {
command.Parameters.AddWithValue("@demographics", demoXml);
           sqlCmd.Parameters.AddWithValue("@param"+x.ToString(), parms[x]);      
        }

        try
        {
                 sqlDa.Fill(sqlDs, "TABLE");
        }

        catch(Exception Ex)
        {
           SqlContext.Pipe.Send("Error retrieving record " + Ex.GetType().ToString() + " " + Ex.Message);
           SqlContext.Pipe.Send(mySQL);
         }
         finally
         {
                     sqlConn.Close();
         }
        }
     if ((sqlDs.Tables == null) ||
         (sqlDs.Tables["Table"] == null) ||
         (sqlDs.Tables.Count == 0))
        return null;
     else
           return sqlDs;
   }
0
 

Author Closing Comment

by:ccMcBride
ID: 38840757
thank you.  means that all parameters will have to be named in a consistent manner, but if that's what it takes..
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now