Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/313.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 以字符串形式传递存储过程_C#_Sql Server 2005 - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 以字符串形式传递存储过程

C# 以字符串形式传递存储过程

c# sql-server-2005

C# 以字符串形式传递存储过程,c#,sql-server-2005,C#,Sql Server 2005,如何将存储过程和参数作为字符串传递给函数 我试过这个密码,但没有成功 这是业务访问层代码 try { string Query_string = "SP_InsertOffer_Tab @offer_name ='" + this.offer_name +"', @offer_price = " + this.offer_price + ",@start_date = '" + this.start_date + "',@end_date = '" + this.end_da

如何将存储过程和参数作为字符串传递给函数

我试过这个密码,但没有成功

这是业务访问层代码

 try
 {
     string Query_string = "SP_InsertOffer_Tab @offer_name ='" + this.offer_name +"',  @offer_price = " + this.offer_price + ",@start_date = '" + this.start_date + 
 "',@end_date = '" + this.end_date + "'";

     int result = DbAcess.Insert_Query(Query_string);
     return result;
 }
 catch (Exception ex)
 {
    throw ex;
 }
 finally
 {
    DbAcess = null;
 }
数据库层代码如下

public int Insert_Query(string strSQL)
{
    SqlConnection con = new SqlConnection();
    con = OpenConnection();

    try
    {
        sqlcmd = new SqlCommand();
        sqlcmd.Connection = con;
        sqlcmd.CommandType = CommandType.StoredProcedure;
        sqlcmd.CommandText = strSQL;

        int Result = sqlcmd.ExecuteNonQuery();
        return Result;
    }
    catch (Exception ex)
    {
        throw ex;
    }
    finally
    {
        con.Close();
    }
}
与其将strSQL作为CommandText传递,其中strSQL是您在第一个代码块中创建的字符串(我认为…),不如将SP名称作为CommandText传递,然后将参数添加到sqlcmd对象中

SqlParameter p = new SqlParameter("@ParameterName", parametervalue));
sqlcmd.Parameters.Add(p);
只是尝试解决您的问题,但请注意,这种方法非常危险,不建议用于Sql注入问题

string Query_string = "EXEC SP_InsertOffer_Tab @offer_name ='" + 
            this.offer_name +"',  @offer_price = " + 
            this.offer_price + ",@start_date = '" + 
            this.start_date + "',@end_date = '" + this.end_date + "'";
并将CommandType更改为Text

更好的方法是更改Insert_查询方法

public int Insert_Query(string strSQL, SqlParameter[] prm)
{
    using(SqlConnection con = OpenConnection())
    {
        sqlcmd = new SqlCommand(strSql, con);
        sqlcmd.CommandType = CommandType.StoredProcedure;
        sqlcmd.Parameters.AddRange(prm)
        int Result = sqlcmd.ExecuteNonQuery();
        return Result;
    }
}
那么就这样称呼它吧

SqlParameter[] prms = new SqlParameter[]
{
   new SqlParameter("@offer_name", SqlDbType.NVarChar),
   new SqlParameter("@offer_price", SqlDbType.Money),
   new SqlParameter("@start_date", SqlDbType.SmallDateTime),
   new SqlParameter("@end_date", SqlDbType.SmallDateTime)
};
prms[0].Value = this.offer_name;
prms[1].Value = this.offer_price;
prms[2].Value = this.start_date;
prms[3].Value = this.end_date;
int result = DbAcess.Insert_Query(Query_string, prms);
那么异常是什么呢?不要这样做:
catch(exception ex){throw ex;}
@Oded,如果你只是
throw
,异常就会冒出来。但是,
throw ex
会弄乱堆栈。数据库端是否已有存储过程。。?如果是这样,那么您为什么试图通过调用存储过程来执行它就没有意义了。您需要定义
sqlcmd.CommandText=“SP_InsertOffer_Tab”
还需要使用
参数化查询
例如`sqlcmd.Parameters.AddWithValue(@ParamName,ParamValue);该查询在其当前状态下不应正确执行。@RayCheng-就目前的代码而言,根本不需要
catch
块-这就是我试图说明的要点。