sqlparameter | 易学教程

How to create NVarchar(max) Sqlparameter in C#? [duplicate]

阅读更多关于 How to create NVarchar(max) Sqlparameter in C#? [duplicate]

This question already has an answer here: What size do you use for varchar(MAX) in your parameter declaration? 4 answers I've got the following code to pull back a DataTable using a stored procedure and inputting a string parameter @JobNumbers, which is dynamically created string of job numbers (and therefore length is unknown): using (SqlConnection connection = new SqlConnection(con)) { SqlCommand cmd = new SqlCommand("dbo.Mystoredprocedure", connection); cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add("@JobNumbers", SqlDbType.VarChar, 4000); cmd.Parameters["@JobNumbers"]

poor performance with sqlparameter

阅读更多关于 poor performance with sqlparameter

问题 I have a web service, so the handler is called multiple times concurrently all the time. Inside I create SqlConnection and SqlCommand. I have to execute about 7 different commands. Different commands require various parameters, so I just add them once: command.Parameters.Add(new SqlParameter("@UserID", userID)); command.Parameters.Add(new SqlParameter("@AppID", appID)); command.Parameters.Add(new SqlParameter("@SID", SIDInt)); command.Parameters.Add(new SqlParameter("@Day", timestamp.Date));

Why does the SqlParameter name/value constructor treat 0 as null?

阅读更多关于 Why does the SqlParameter name/value constructor treat 0 as null?

I observed a strange problem in a piece of code where an adhoc SQL query was not producing the expected output, even though its parameters matched records in the data source. I decided to enter the following test expression into the immediate window: new SqlParameter("Test", 0).Value This gave a result of null , which leaves me scratching my head. It seems that the SqlParameter constructor treats zeroes as nulls. The following code produces the correct result: SqlParameter testParam = new SqlParameter(); testParam.ParameterName = "Test"; testParam.Value = 0; // subsequent inspection shows that

Escaping special characters in a SQL LIKE statement using sql parameters

阅读更多关于 Escaping special characters in a SQL LIKE statement using sql parameters

问题 I have a table containing products. I need to make a query finding all the matching results to an user-input value. I am using SqlParameter for the insertion of the inputs. SqlCommand findProcutsByPattern = new SqlCommand( "SELECT *" + " FROM [Products]" + " WHERE ProductName LIKE @pattern", connection); findProcutsByPattern.Parameters.AddWithValue("@pattern", '%' + pattern + '%'); The problem comes when the user input string contains '_' or '%' as they're being interpreted as special

Is it possible to get the parsed text of a SqlCommand with SqlParameters?

阅读更多关于 Is it possible to get the parsed text of a SqlCommand with SqlParameters?

问题 What I am trying to do is create some arbitrary sql command with parameters, set the values and types of the parameters, and then return the parsed sql command - with parameters included. I will not be directly running this command against a sql database, so no connection should be necessary. So if I ran the example program below, I would hope to see the following text (or something similar): WITH SomeTable (SomeColumn) AS ( SELECT N':)' UNION ALL SELECT N'>:o' UNION ALL SELECT N'^_^' )

SqlParameter does not allows Table name - other options without sql injection attack?

阅读更多关于 SqlParameter does not allows Table name - other options without sql injection attack?

I got a runtime error saying "Must declare the table variable "@parmTableName" . Meaning having table name as sql parameter in the sql-statement is not allowed. Is there a better option or suggestion than allowing sql injection attack? I don't want to do this C# script for sql statement " DELETE FROM " + tableName + " " ; using(var dbCommand = dbConnection.CreateCommand()) { sqlAsk = ""; sqlAsk += " DELETE FROM @parmTableName "; sqlAsk += " WHERE ImportedFlag = 'F' "; dbCommand.Parameters.Clear(); dbCommand.Parameters.AddWithValue("@parmTableName", tableName); dbConnection.Open(); rowAffected

WHERE IN (array of IDs)

阅读更多关于 WHERE IN (array of IDs)

I have webservice which is passed an array of ints. I'd like to do the select statement as follows but keep getting errors. Do I need to change the array to a string? [WebMethod] public MiniEvent[] getAdminEvents(int buildingID, DateTime startDate) { command.CommandText = @"SELECT id, startDateTime, endDateTime From tb_bookings WHERE buildingID IN (@buildingIDs) AND startDateTime <= @fromDate"; SqlParameter buildID = new SqlParameter("@buildingIDs", buildingIDs); } You can't (unfortunately) do that. A Sql Parameter can only be a single value, so you'd have to do: WHERE buildingID IN (

Why does the SqlParameter name/value constructor treat 0 as null?

阅读更多关于 Why does the SqlParameter name/value constructor treat 0 as null?

问题 I observed a strange problem in a piece of code where an adhoc SQL query was not producing the expected output, even though its parameters matched records in the data source. I decided to enter the following test expression into the immediate window: new SqlParameter("Test", 0).Value This gave a result of null , which leaves me scratching my head. It seems that the SqlParameter constructor treats zeroes as nulls. The following code produces the correct result: SqlParameter testParam = new

SqlParameter does not allows Table name - other options without sql injection attack?

阅读更多关于 SqlParameter does not allows Table name - other options without sql injection attack?

问题 I got a runtime error saying \"Must declare the table variable \"@parmTableName\" . Meaning having table name as sql parameter in the sql-statement is not allowed. Is there a better option or suggestion than allowing sql injection attack? I don\'t want to do this C# script for sql statement \" DELETE FROM \" + tableName + \" \" ; using(var dbCommand = dbConnection.CreateCommand()) { sqlAsk = \"\"; sqlAsk += \" DELETE FROM @parmTableName \"; sqlAsk += \" WHERE ImportedFlag = \'F\' \";

How to pass XML from C# to a stored procedure in SQL Server 2008?

阅读更多关于 How to pass XML from C# to a stored procedure in SQL Server 2008?

问题 I want to pass xml document to sql server stored procedure such as this: CREATE PROCEDURE BookDetails_Insert (@xml xml) I want compare some field data with other table data and if it is matching that records has to inserted in to the table. Requirements: How do I pass XML to the stored procedure? I tried this, but it doesn’t work: [Working] command.Parameters.Add( new SqlParameter(\"@xml\", SqlDbType.Xml) { Value = new SqlXml(new XmlTextReader(xmlToSave.InnerXml, XmlNodeType.Document, null))