C# 通过SQL存储过程填充DataTable生成数据,但仅当参数不为';我没有撇号/单引号
我传递给存储过程以填充DT的参数之一是电子邮件地址。如果电子邮件地址有一个('),则DT不填充任何数据 但是,我确实避开了('),因此我知道这不太可能是问题:C# 通过SQL存储过程填充DataTable生成数据,但仅当参数不为';我没有撇号/单引号,c#,sql-server,stored-procedures,C#,Sql Server,Stored Procedures,我传递给存储过程以填充DT的参数之一是电子邮件地址。如果电子邮件地址有一个('),则DT不填充任何数据 但是,我确实避开了('),因此我知道这不太可能是问题: 使用相同的参数运行存储过程本身将返回正确的行数 使用不带(')的参数从代码运行存储过程将返回正确的行数 我想知道为什么(“”)或(“”)的存在会导致调用不成功,即使存储过程正在运行?如果我有办法解决这个问题 我尝试过的事情: 将值赋给参数之前的转义: if (searchTermValue.Contains('\'')) s
- 使用相同的参数运行存储过程本身将返回正确的行数
- 使用不带(')的参数从代码运行存储过程将返回正确的行数
- 将值赋给参数之前的转义:
if (searchTermValue.Contains('\'')) searchTermValue = searchTermValue.Replace("'", "''''"); - SQL存储过程中的转义('):
SET @searchTerm = REPLACE(@searchTerm,CHAR(39), CHAR(39) + CHAR(39) + CHAR(39) + CHAR(39))
{ SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "rpt_EmailSearch";
cmd.Parameters.Add(new SqlParameter("@FilterBy", string.Empty));
cmd.Parameters.Add(new SqlParameter("@FilterType", FilterType));
cmd.Parameters.Add(new SqlParameter("@searchTerm", searchTerm));
cmd.Parameters.Add(new SqlParameter("@BaseChannelID", BaseChannelID));
cmd.Parameters.Add(new SqlParameter("@currentPage", currentPage));
cmd.Parameters.Add(new SqlParameter("@pageSize", pageSize));
cmd.Parameters.Add(new SqlParameter("@SortBy", sortColumn + " " + sortDirection));
return DataFunctions.GetDataTable(cmd, DataFunctions.ConnectionString.Communicator.ToString());}
declare
--Payload filters
@FilterBy varchar(50) = '',
@FilterType varchar(50) = 'like',
@searchTerm varchar(MAX) = '', ---THIS IS THE PARAMETER WHERE I SUPPLY 'o'test@mail.com' VALUE
@BaseChannelID int = 92,
--Sort filters
@CurrentPage int = 1,
@PageSize int = 15,
@SortBy VARCHAR(30) = 'EmailAddress DESC',
--Local variables
@EmailPart varchar(MAX) = '',
@ChannelPartOne varchar(MAX) = '',
@ChannelPartTwo varchar(MAX) = ''
SET @searchTerm = REPLACE(@searchTerm,CHAR(39), CHAR(39) + CHAR(39) + CHAR(39) + CHAR(39))
IF @FilterType = 'equals'
BEGIN
SET @EmailPart = 'AND e.EmailAddress = ''' + @searchTerm + ''''
END
IF @FilterType = 'starts'
BEGIN
SET @EmailPart = 'AND e.EmailAddress like ''' + @searchTerm + '%'''
END
IF @FilterType = 'like'
BEGIN
SET @EmailPart = 'AND e.EmailAddress like ''%' + @searchTerm + '%'''
END
IF @FilterType = 'ends'
BEGIN
SET @EmailPart = 'AND e.EmailAddress like ''%' + @searchTerm + ''''
END
IF @BaseChannelID <> 0
BEGIN
SET @ChannelPartOne = 'AND bc.BaseChannelID = ' + CONVERT(varchar(10), @BaseChannelID)
SET @ChannelPartTwo = 'AND e.BaseChannelID = ' + CONVERT(varchar(10), @BaseChannelID)
END
CREATE TABLE #tmp (
BaseChannelName varchar(100),
CustomerName varchar(100),
GroupName varchar(100),
EmailAddress varchar(100),
SubscribeTypeCode varchar(100),
DateCreated datetime,
DateModified datetime
)
EXEC ('
INSERT INTO #tmp
select
bc.BaseChannelName,
c.CustomerName,
g.GroupName,
e.EmailAddress,
case when eg.SubscribeTypeCode = ''S'' then ''Subscribed''
when eg.SubscribeTypeCode = ''U'' then ''Unsubscribed''
when eg.SubscribeTypeCode = ''P'' then ''Pending''
when eg.SubscribeTypeCode = ''D'' then ''Bad Record''
when eg.SubscribeTypeCode = ''M'' then ''Master Suppressed'' else eg.SubscribeTypeCode end as ''Subscribe'',
eg.CreatedOn as ''DateCreated'', eg.LastChanged as ''DateModified''
from
Emails e with (nolock)
join ECN5_ACCOUNTS..Customer c with (nolock) on e.CustomerID = c.CustomerID and c.IsDeleted = 0
join ECN5_ACCOUNTS..Basechannel bc with (nolock) on c.BaseChannelID = bc.BaseChannelID and bc.IsDeleted = 0
join EmailGroups eg with (nolock) on e.EmailID = eg.EmailID
join Groups g with (nolock) on eg.GroupID = g.GroupID and IsNull(g.MasterSupression, 0) = 0
where
1=1
' + @ChannelPartOne + '
' + @EmailPart + '
UNION
select
bc.BaseChannelName, '''' as ''CustomerName'', '''' as ''GroupName'', EmailAddress, ''Channel Suppressed'' as ''Subscribe'', e.CreatedDate as ''DateCreated'', e.UpdatedDate as ''DateModified''
from
ChannelMasterSuppressionList e with (nolock)
join ECN5_ACCOUNTS..Basechannel bc with (nolock) on e.BaseChannelID = bc.BaseChannelID and bc.IsDeleted = 0
where
e.IsDeleted = 0
' + @ChannelPartTwo + '
' + @EmailPart + '
order by ' + @SortBy
);
WITH Results
AS (SELECT
ROW_NUMBER() OVER (ORDER BY @SortBy
) AS ROWNUM,
COUNT(*) OVER () AS TotalCount,
*
FROM #tmp)
SELECT
*
FROM Results
WHERE ROWNUM BETWEEN ((@CurrentPage - 1) * (@PageSize + 1)) AND (@CurrentPage * @PageSize)
DROP TABLE #tmp
END
声明
--有效载荷过滤器
@FilterBy varchar(50)='',
@FilterType varchar(50)=“like”,
@searchTerm varchar(MAX)=''---这是我提供'o'的参数test@mail.com"价值",
@BaseChannelID int=92,
--排序过滤器
@当前页面int=1,
@PageSize int=15,
@SortBy VARCHAR(30)=“EmailAddress DESC”,
--局部变量
@EmailPart varchar(最大值)='',
@ChannelPartOne varchar(最大值)='',
@ChannelPartTwo varchar(最大值)=”
设置@searchTerm=REPLACE(@searchTerm,CHAR(39),CHAR(39)+CHAR(39)+CHAR(39)+CHAR(39))
如果@FilterType='equals'
开始
设置@EmailPart='和e.EmailAddress=''+@searchTerm+'''
结束
如果@FilterType='starts'
开始
将@EmailPart=”和e.EmailAddress设置为“”+@searchTerm+“%”
结束
如果@FilterType='like'
开始
将@EmailPart=”和e.EmailAddress设置为“%”++@searchTerm++“%”
结束
如果@FilterType='ends'
开始
将@EmailPart=”和e.EmailAddress设置为“%”+@searchTerm++”
结束
如果@BaseChannelID为0
开始
设置@ChannelPartOne='和bc.BaseChannelID='+转换(varchar(10),@BaseChannelID)
设置@ChannelPartTwo='和e.BaseChannelID='+转换(varchar(10),@BaseChannelID)
结束
创建表格#tmp(
BaseChannelName varchar(100),
客户名称varchar(100),
组名varchar(100),
电子邮件地址varchar(100),
SubscribeTypeCode varchar(100),
DateCreated日期时间,
日期修改日期时间
)
执行官('
插入#tmp
挑选
卑诗省,
c、 客户名称,
g、 组名,
e、 电邮地址:,
当例如SubscribeTypeCode=''S''然后是''Subscribed''时的情况
当例如SubscribeTypeCode='U'时,则为'Unsubscribed'
当例如SubscribeTypeCode='P'时,则为'Pending'
当例如SubscribeTypeCode=''D''时,则为“坏记录”
当eg.SubscribeTypeCode=''M''时,则“主抑制”,否则,如SubscribeTypeCode结束为“订阅”,
例如CreatedOn为“DateCreated”,例如LastChanged为“DateModified”
从…起
电子邮件e与(nolock)
加入ECN5_账户..客户c与e.CustomerID=c.CustomerID上的(nolock)和c.IsDeleted=0
将ECN5_帐户..Basechannel bc与c.BaseChannelID=bc.BaseChannelID和bc.IsDeleted=0上的(nolock)连接
在e.EmailID=eg.EmailID上使用(nolock)加入电子邮件组
将组g与(nolock)连接在一起,例如:GroupID=g.GroupID,IsNull(g.mastersuppression,0)=0
哪里
1=1
“++@ChannelPartOne+”
“++@EmailPart+”
联合
挑选
bc.BaseChannelName、“”为“CustomerName”、“”为“GroupName”、EmailAddress、“”通道抑制“”为“订阅”、e.CreatedDate为“DateCreated”、e.UpdateDate为“DateModified”
从…起
带有(nolock)的ChannelMasterSuppressionList e
将ECN5_帐户..Basechannel bc与e.BaseChannelID=bc.BaseChannelID和bc.IsDeleted=0上的(nolock)连接
哪里
e、 IsDeleted=0
“++@ChannelPartTwo+”
“++@EmailPart+”
按'+@SortBy'排序
);
结果
作为(选择
第()行(按@SortBy排序)
)作为ROWNUM,
计数(*)超过()作为TotalCount,
*
来自#tmp)
挑选
*
根据结果
其中ROWNUM介于(@CurrentPage-1)*(@PageSize+1))和(@CurrentPage*@PageSize)之间
升降台#tmp
结束
谢谢!好的,找出它没有返回的原因: 执行命令时,(')将自动替换为(“”),因此在代码中执行替换操作将创建在DB中任何位置都找不到匹配的参数。 但是,我必须在SQL中进行替换,如下所示;否则动态SQL无法形成过程:
SET @searchTerm = REPLACE(@searchTerm,CHAR(39), CHAR(39) + CHAR(39))
感谢所有回答的人!我认为如果您向我们展示您传递给此函数的SqlCommand代码会有所帮助。
searchTermValue=searchTermValue.Replace(“”,“”)SET @searchTerm = REPLACE(@searchTerm,CHAR(39), CHAR(39) + CHAR(39))