C# 尝试执行存储过程时出现意外错误
当我尝试执行特定的存储过程时,出现以下异常:C# 尝试执行存储过程时出现意外错误,c#,asp.net,stored-procedures,informix,executereader,C#,Asp.net,Stored Procedures,Informix,Executereader,当我尝试执行特定的存储过程时,出现以下异常: my.cs: 我调试并确保所有参数都是intger public DataTable Return_DataTable(string cmdText) { Open_Connection(); DataTable dt = new DataTable(); command.CommandText = cmdText; command.CommandType = Comm
my.cs:
我调试并确保所有参数都是
intger public DataTable Return_DataTable(string cmdText)
{
Open_Connection();
DataTable dt = new DataTable();
command.CommandText = cmdText;
command.CommandType = CommandType.Text;
command.Connection = connection;
try
{
dt.Load(command.ExecuteReader());
}
catch (IfxException ifxEx)// Handle IBM.data.informix : mostly catched
{
ErrMapping.WriteLog("\r\n Error Code: " + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
throw new Exception("ERROR:" + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
}
catch (Exception ex)// Handle all other exceptions.
{
ErrMapping.WriteLog("\r\n Error Message: " + ex.Message);
throw new Exception("\r\n Error Message: " + ex.Message);
}
finally
{
Close_Connection();
}
return dt;
}
编辑1:
public DataTable Return\u DataTable(string cmdText、CommandType cmdType、Dictionary Param\u arr)
{
打开_连接();
int return_val=-1;
DataTable dt=新的DataTable();
command.CommandText=cmdText;
command.CommandType=cmdType;
如果(cmdType==CommandType.StoredProcess)
{
if(参数arr!=null)
{
command.Parameters.Clear();
如果(参数arr.Count>0)
{
对于(IEnumerator enumerator=Param_arr.GetEnumerator();enumerator.MoveNext();)
{
param=command.CreateParameter();
param.ParameterName=枚举数.Current.Key.ToString();
param.Value=enumerator.Current.Value.ToString();
命令.Parameters.Add(param);
}
}
}
}
IfxDataReader dr2;
尝试
{
dr2=command.ExecuteReader();
dt.荷载(dr2);
}
catch(IfxException ifxEx)//Handle IBM.data.informix:大部分被捕获
{
ErrorMappingForInformix.WriteLog(“\r\n错误代码:”+ifxEx.Errors[0]。NativeError.ToString()+
“\r\n消息:”+ifxEx.Errors[0]。消息);
抛出新异常(“错误:+ifxEx.Errors[0]。NativeError.ToString()+
“\r\n消息:”+ifxEx.Errors[0]。消息);
}
catch(Exception ex)//处理所有其他异常。
{
ErrMappingForInformix.WriteLog(“\r\n错误消息:“+ex.Message”);
抛出新异常(“\r\n错误消息:“+ex.Message”);
}
最后
{
关闭_连接();
}
返回dt;
}
command.CommandText = "get_department";
command.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("dep_code", dep_code));
cmd.Parameters.Add(new SqlParameter("emp_code", emp_code));
cmd.Parameters.Add(new SqlParameter("batch_code", batch_code));
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
这就像是一次绝望的尝试,试图打破一切,并容易受到SQL注入的影响在构建SQL查询时不要使用字符串连接。我知道您不需要编写“过程”和括号:
"EXECUTE get_department" + dep_code + "," + emp_code + "," + batch_code
如果错误是关于字符串的,您能否尝试
get_department(“+dep_code+”、“+emp_code+”、“+batch_code+”)字典参数arrOpen_Connection();数据表dt=null;cmd.CommandText=cmd.CommandText;cmd.CommandType=cmdtype;cmd.Connection=连接;cmd.CommandTimeout=100;对于(int j=0;jDBConnectionForInformix con=newdbconnectionforinformix(“”);IfxCommand cmd=新的IfxCommand(“rr35rstrec”,con.Connection);IfxParameter[]param=新的IfxParameter[2];参数[0]=新的IFX参数(“批次代码”,5327);参数[1]=新的IFX参数(“dep_代码”,412);参数[2]=新的IFX参数(“emp_代码”,93);DataTable dtres=con.Return\u DataTable(cmd,CommandType.StoredProcedure,param)
command.CommandText = "get_department";
command.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("dep_code", dep_code));
cmd.Parameters.Add(new SqlParameter("emp_code", emp_code));
cmd.Parameters.Add(new SqlParameter("batch_code", batch_code));
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
"EXECUTE get_department" + dep_code + "," + emp_code + "," + batch_code