C# 参数化SQL值语法问题
我不确定问题是什么,但我的代码看起来像:C# 参数化SQL值语法问题,c#,sql-server,parameterized-query,C#,Sql Server,Parameterized Query,我不确定问题是什么,但我的代码看起来像: function() { string sqltext2; sqltext2 = "INSERT into myTable"; SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2); if (cond1) { sqltext2 = sqltext2 + "SELECT" + "@initOwnerFirstName" + "," + "@ownerFirstName"
function() {
string sqltext2;
sqltext2 = "INSERT into myTable";
SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2);
if (cond1) {
sqltext2 = sqltext2 + "SELECT" + "@initOwnerFirstName" + "," + "@ownerFirstName" + "UNION ALL ";
SqlParameter param = new SqlParameter();
param.ParameterName = "@initOwnerFirstName";
param.Value = initOwnerFirstName;
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@ownerFirstName";
param2.Value = owner.FirstName;
myCommand2.Parameters.Add(param);
myCommand2.Parameters.Add(param2);
sqltext2 = sqltext2 + "SELECT" + "'" + currentUserId2 + "'," + "'" + owner.Id.ToString() + "'," + "'" + DateTime.Now + "'," + "'FirstName', @initOwnerFirstName, @ownerFirstName UNION ALL ";
myCommand2.Parameters.AddWithValue("initOwnerFirstName", initOwner.FirstName);
myCommand2.Parameters.AddWithValue("OwnerFirstName", owner.FirstName);
问题可能是您连接字符串时没有空格。您也不需要连接。请参阅下面的“我的更新”:
function() {
string sqltext2;
sqltext2 = "INSERT into dbo.OwnerChanges ";
SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2);
if (cond1) {
//no concatenating
sqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";
SqlParameter param = new SqlParameter();
param.ParameterName = "@initOwnerFirstName";
param.Value = initOwnerFirstName;
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@ownerFirstName";
param2.Value = owner.FirstName;
myCommand2.Parameters.Add(param);
myCommand2.Parameters.Add(param2);
UNION ALLsqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";
myCommand2.CommandText=sqltext2+“选择@initOwnerFirstName、@ownerFirstName联合所有”问题可能是您连接字符串时没有空格。您也不需要连接。请参阅下面的“我的更新”:
function() {
string sqltext2;
sqltext2 = "INSERT into dbo.OwnerChanges ";
SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2);
if (cond1) {
//no concatenating
sqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";
SqlParameter param = new SqlParameter();
param.ParameterName = "@initOwnerFirstName";
param.Value = initOwnerFirstName;
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@ownerFirstName";
param2.Value = owner.FirstName;
myCommand2.Parameters.Add(param);
myCommand2.Parameters.Add(param2);
我不确定代码的其余部分做了什么,但我怀疑您在所有这些结束时留下了一个拖尾UNION ALL
。您可能只需将每个子查询放入一个数组中并对其使用
更新:
我想我看到了这个问题。您需要更新CommandText,而不是原始字符串。因此,改变这一点:
sqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";
为此:
myCommand2.CommandText=sqltext2+“选择@initOwnerFirstName、@ownerFirstName联合所有”以下是参数化查询的工作原理:
using (SqlConnection conn = new SqlConnection("connectionstring"))
{
using SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = @"INSERT INTO mytable
(initOwnerFirstName, ownerFirstName)
VALUES (@initOwnerFirstName, @ownerFirstName);";
cmd.Parameters.AddWithValue("initOwnerFirstName", initOwner.FirstName);
cmd.Parameters.AddWithValue("ownerFirstName", owner.FirstName);
// ... execute query
}
}
看起来您正在将SELECT
语句的结果插入myTable
中,但您正在尝试将参数传递到列名应该到达的位置。参数将用值替换@variablename
,因此:参数用于值,而不是列名
对于多个值,使用括号指定集合,以逗号分隔:
INSERT INTO mytable (col1, col2) VALUES ("a", "b"), ("c", "d"), ("e", "f");
您可以适当地修改查询字符串以适应此语法
更多信息:以下是参数化查询的工作原理:
using (SqlConnection conn = new SqlConnection("connectionstring"))
{
using SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = @"INSERT INTO mytable
(initOwnerFirstName, ownerFirstName)
VALUES (@initOwnerFirstName, @ownerFirstName);";
cmd.Parameters.AddWithValue("initOwnerFirstName", initOwner.FirstName);
cmd.Parameters.AddWithValue("ownerFirstName", owner.FirstName);
// ... execute query
}
}
看起来您正在将SELECT
语句的结果插入myTable
中,但您正在尝试将参数传递到列名应该到达的位置。参数将用值替换@variablename
,因此:参数用于值,而不是列名
对于多个值,使用括号指定集合,以逗号分隔:
INSERT INTO mytable (col1, col2) VALUES ("a", "b"), ("c", "d"), ("e", "f");
您可以适当地修改查询字符串以适应此语法
更多信息:我之所以使用串联,是因为我给出的其他变量没有设置为我没有包含的参数。我合并了它们,但仍然存在相同的错误。UNION ALL也在末尾被截断。@Abe同意,OP的查询字符串在分配给myCommand 2
后被修改@Aeonstrife:这会导致参数在执行时“丢失”,并出现错误“必须声明标量变量…”。@Aeonstrife-创建insert语句时始终声明列名。如果不这样做,代码将变得脆弱。ie在数据库中添加一个字段就足以破坏它。好吧,这似乎奏效了。但是,由于sql命令是在一组if语句的末尾执行的,因此可以在每个if语句中更新sqltext。如果像这样会更好:myCommand2.CommandText=myCommand2.CommandText+“选择”+“+currentUserId2+”,“+”“+owner.Id.ToString()+”,“+”,“+DateTime.Now+”,“+”'FirstName',@initOwnerFirstName,@ownerFirstName UNION ALL”
@Aeonstrife:正常情况下通过if语句更新字符串,但在执行之前不要将字符串分配给myCommand2
。您可以在实际分配查询字符串之前向查询中添加参数,但请注意,查询字符串中声明的任何参数都必须具有匹配的参数。添加[WithValue]()
。我之所以使用串联,是因为我给它的其他变量没有设置为我没有包含的参数。我合并了它们,但仍然存在相同的错误。UNION ALL也在末尾被截断。@Abe同意,OP的查询字符串在分配给myCommand 2
后被修改@Aeonstrife:这会导致参数在执行时“丢失”,并出现错误“必须声明标量变量…”。@Aeonstrife-创建insert语句时始终声明列名。如果不这样做,代码将变得脆弱。ie在数据库中添加一个字段就足以破坏它。好吧,这似乎奏效了。但是,由于sql命令是在一组if语句的末尾执行的,因此可以在每个if语句中更新sqltext。如果像这样会更好:myCommand2.CommandText=myCommand2.CommandText+“选择”+“+currentUserId2+”,“+”“+owner.Id.ToString()+”,“+”,“+DateTime.Now+”,“+”'FirstName',@initOwnerFirstName,@ownerFirstName UNION ALL”
@Aeonstrife:正常情况下通过if语句更新字符串,但在执行之前不要将字符串分配给myCommand2
。您可以在实际分配查询字符串之前向查询添加参数,但请注意,查询字符串中声明的任何参数都必须具有匹配的参数。添加[WithValue]()
。这是针对SQL Server而不是MySQLMySQL的?问题是sql-server@Abe@ErikE对不起,我错了:链接和