sqlparameter

问题 How would you specify this: Decimal(18,2) In this: SqlComm.Parameters.Add("@myValue", SqlDbType.Decimal, 0, "myValue"); Currently I have defined precision = 2 from the design side properties. I'm just curious as to how to accomplish this from the code. Thanks 回答1: There's not an overload of Add that lets you set the decimal precision inline, so you either need to create a SQlParameter object and add it to the collection: SqlParameter param = new SqlParameter("@myValue", SqlDbType.Decimal);

问题 How would you specify this: Decimal(18,2) In this: SqlComm.Parameters.Add("@myValue", SqlDbType.Decimal, 0, "myValue"); Currently I have defined precision = 2 from the design side properties. I'm just curious as to how to accomplish this from the code. Thanks 回答1: There's not an overload of Add that lets you set the decimal precision inline, so you either need to create a SQlParameter object and add it to the collection: SqlParameter param = new SqlParameter("@myValue", SqlDbType.Decimal);

问题 How would you specify this: Decimal(18,2) In this: SqlComm.Parameters.Add("@myValue", SqlDbType.Decimal, 0, "myValue"); Currently I have defined precision = 2 from the design side properties. I'm just curious as to how to accomplish this from the code. Thanks 回答1: There's not an overload of Add that lets you set the decimal precision inline, so you either need to create a SQlParameter object and add it to the collection: SqlParameter param = new SqlParameter("@myValue", SqlDbType.Decimal);

问题 I have webservice which is passed an array of ints. I'd like to do the select statement as follows but keep getting errors. Do I need to change the array to a string? [WebMethod] public MiniEvent[] getAdminEvents(int buildingID, DateTime startDate) { command.CommandText = @"SELECT id, startDateTime, endDateTime From tb_bookings WHERE buildingID IN (@buildingIDs) AND startDateTime <= @fromDate"; SqlParameter buildID = new SqlParameter("@buildingIDs", buildingIDs); } 回答1: You can't

问题 This question already has answers here : Closed 7 years ago . Possible Duplicate: Sanitize table/column name in Dynamic SQL in .NET? (Prevent SQL injection attacks) I have a query like so: "SELECT * FROM MyTable_" + myID + " WHERE variable = @variable"; The SQL Parameterization works with variables, but how do I get it to work with table names? myID is an int I get passed in and changed (can be converted to string), but how do I protect against sql injections here? 回答1: I question why you are

问题 I am trying to re-write some code to use Dapper so I can easily use parameters. I am trying to execute an UPDATE statement on an Oracle database. A list of IDs to UPDATE is passed in as List<int> as parameter. I want to update a field for each of the IDs passed in. The following is what I have: OracleConnection connection = ... // set earlier public int IncreaseProcessCount(List<int> ids) { var rowsAffected = connection.Execute(@"UPDATE TABLE SET PROCESSED_COUNT = PROCESSED_COUNT + 1 WHERE ID

问题 I have this error : Must declare the scalar variable "@Login". My code : using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["intranetv2"].ConnectionString)) { SqlCommand cmd = new SqlCommand("insert into [MyBase].[Dbo].[LogErrors] (Username, StackTrace, ShortDescription, DetailDescription, ErrorType) VALUES (@Login, @Stack, @Message, @Txt, @Source)", conn); SqlParameter param = new SqlParameter(); param.ParameterName = "Login"; param.Value = user.Login; param

问题 Here is my sql datasource details <asp:SqlDataSource ID="dsMoodleQuiz" runat="server" ConnectionString="<%$ ConnectionStrings:OnlineMeetingConnectionString %>" ProviderName="<%$ ConnectionStrings:OnlineMeetingConnectionString.ProviderName %>" SelectCommand="SELECT Name, UserID, Grade, FirstName, LastName, Email, TimeModified, IDNumber FROM tbMoodleQuiz WHERE (FirstName = @FirstName) AND (LastName = @LastName)" onselecting="dsMoodleQuiz_Selecting"> <SelectParameters> <asp:Parameter Name=

问题 I'm developing an application which must support several languages. To solve the special characters problem I'm using NVarhcar for my text fields. So my SQL query for a text field is insert into tbl_text(text)values(N'Chci tančit v oblasti') My problem is to put it in SqlCommand, wich is "insert into tbl_text(text)values(N@text)" . It saves "N@text" in the DB table, sure. Do you guys know someway to do it? I'm using C# and SQL 2008. Sorry if it was hard to understand my question. My English

问题 I'm trying to create a typed-sized parameters array in VB.Net: Dim parameters() As SqlParameter = New SqlParameter() _ { New SqlParameter("@first_name", SqlDbType.VarChar, 50) {Value = "john"}, New SqlParameter("@last_name", SqlDbType.VarChar, 50) {Value = "doe"}, New SqlParameter("@age", SqlDbType.Int) {Value = 18}, New SqlParameter("@id", SqlDbType.Int) {Value = 123} } But VS says: Value' is not declared. It may be inaccessible due to its protection level What's wrong with the code above?