I Have a problem with a prepared statement in C#:
OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID
Use '@USER_ID' instead of '?' and all should work:
OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID = @USER_ID";
cmd.Parameters.Add("@USER_ID", OdbcType.VarChar, 250).Value = email;
Is there a specific reason you're using OdbcCommand rather than using the SqlClient provider?
With the SqlClient provider, you should be using named parameters as others have suggested.
But according to MSDN:
The .NET Framework Data Provider for OLE DB and .NET Framework Data Provider for ODBC do not support named parameters for passing parameters to an SQL statement or a stored procedure. In this case, you must use the question mark (?) placeholder, as in the following example.
So I'm not sure named parameters will work in this case.
Indeed, ODBC has its share of issues with supporting named parameters. However, certain usage of named parameters is possible.
For example, in your case the following syntax works:
OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID = ?";
cmd.Parameters.Add("USER_ID", OdbcType.VarChar, 250).Value = email;
A trickier situation is when you don't have a unique match for the parameter, like USER_ID = ?; e.g., when you want to use the IN operator in the WHERE clause.
Then the following syntax would do the job:
OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID IN (?, ?)";
cmd.Parameters.Add("?ID1", OdbcType.VarChar, 250).Value = email1;
cmd.Parameters.Add("?ID2", OdbcType.VarChar, 250).Value = email2;
Please note the usage of ? (question mark) instead of @ (at sign) within the parameter name. Note, though, that the substitution of parameters' values in this case has nothing to do with their names, only with their order within the parameters collection.
I hope this helps :-)
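The IN-clause case in the answer above generalizes to any number of values: emit one ? placeholder per value and add the parameters in the same order, since the ODBC provider binds strictly by position. The following is an added example, not code from the question or any of the answers; it assumes a DSN named userdb (placeholder) and the userdetails table from the question, and the BuildLookup name is the example's own.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Odbc;
using System.Linq;

// Added example, not from the original thread. Assumes an ODBC DSN "userdb"
// (placeholder) and the table userdetails(USER_ID VARCHAR(250), UNIQUE_ID ...)
// referred to in the question.
static class OdbcInExample
{
    // Builds "WHERE USER_ID IN (?, ?, ...)" with exactly one positional
    // placeholder per value. The number of '?' must equal Parameters.Count;
    // the parameter names are cosmetic, only the order of addition matters.
    public static OdbcCommand BuildLookup(OdbcConnection conn, IReadOnlyList<string> emails)
    {
        if (emails == null || emails.Count == 0)
            throw new ArgumentException("at least one value is required", nameof(emails));

        string placeholders = string.Join(", ", Enumerable.Repeat("?", emails.Count));

        OdbcCommand cmd = conn.CreateCommand();
        // The SQL text contains no user data at all, only placeholders.
        cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID IN (" + placeholders + ")";

        for (int i = 0; i < emails.Count; i++)
        {
            // i-th parameter binds to the i-th '?', regardless of the name given here.
            cmd.Parameters.Add("?ID" + (i + 1), OdbcType.VarChar, 250).Value = emails[i];
        }
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input. The third value looks like a SQL fragment but
        // is bound as a plain string value, so it can only match a literal USER_ID.
        var emails = new List<string>
        {
            "alice@example.com",
            "bob@example.com",
            "x' OR '1'='1"
        };

        using (var conn = new OdbcConnection("DSN=userdb"))   // placeholder connection string
        {
            conn.Open();
            using (OdbcCommand cmd = BuildLookup(conn, emails))
            {
                Console.WriteLine(cmd.CommandText);           // shows only '?' placeholders
                using (OdbcDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                        Console.WriteLine(reader[0]);
                }
            }
        }
    }
}
```

The check worth keeping in mind when writing this kind of helper is that the count of ? in CommandText and the count of entries in cmd.Parameters are produced from the same list, so they cannot drift apart; if they did, the ODBC driver would bind values to the wrong positions rather than by name.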