Is it possible to execute a BACKUP statement using a parameterised query?

亡梦爱人 提交于 2021-01-29 03:23:52

问题


Iam using above sql command. But the parameters are not adding. I have 2 textboxes to specify location and name. but its not passing to the query. Any solution?

SqlConnection con = new SqlConnection(CS);
con.Open();
SqlCommand cmd= new SqlCommand("BACKUP DATABASE BillingSoftware TO DISK = '@Loc:\\@Name.BAK'",con);

cmd.Parameters.AddWithValue("@Loc", textBox_BackupDatabaseLocation.Text);
cmd.Parameters.AddWithValue("@Name", textBox_BackupDatabaseName.Text);
cmd.ExecuteNonQuery();

回答1:


Instead of passing two separate parameters and trying to concatenate them in the SQL script, just pass the complete path as a single parameter. You can create a valid path from a folder and filename with System.IO.Path.Combine:

var folder=textBox_BackupDatabaseLocation.Text;
var filename = textBox_BackupDatabaseName.Text;
var fullPath=Path.Combine(folder,filename);

//...
var cmd= new SqlCommand("BACKUP DATABASE BillingSoftware TO DISK = @fullPath",con);
cmd.Parameters.AddWithValue("@fullPath", fullPath);
cmd.ExecuteNonQuery();

Path.Combine generates a correct file path even if there are eg trailing or missing slashes in the folder name, which would make string concatenation break.

Another option is to avoid SQL statements and use the SQL Server Management Objects library. In the end, SMO generates SQL commands but it exposes all functionality in an API that should make finding and specifying additional options very easy.

I say should because the documentation isn't up to SQL Server standards. The class reference is there but the examples ... Check Backing Up and Restoring Databases and Transaction Logs. Perhaps there is a better SO Documentation page for this.

Anyway, the example code can be distilled to this:

//Local server
var srv = new Server();  
var db = srv.Databases["AdventureWorks2012"];    
var bk = new Backup
         {
             Action = BackupActionType.Database,
             BackupSetDescription = "Full backup of Adventureworks2012",
             BackupSetName = "AdventureWorks2012 Backup",
             Database = "AdventureWorks2012",
             Checksum = true
         };

var bdi = new BackupDeviceItem(fullDestinationPath,DeviceType.File);  
bk.Devices.Add(bdi);  
bk.SqlBackup(srv);  

The advantage is that you can target multiple databases eg in a loop, get progress notifications etc.

UPDATE

The Path class contains methods that can be used to validate paths, eg Path.IsPathRooted can be used to check whether the path is a full path. Other System.IO classes can be used for validation, eg Directory.Exists check if a folder exists.




回答2:


Since you need to concatenate disk location and database backup filename seperately, you should add + for concatenation of both to get absolute path of the bak file.

Try using following query:

SqlCommand cmd= new SqlCommand("BACKUP DATABASE BillingSoftware TO DISK = @Loc + ':\\' + @Name + '.BAK'",con);



回答3:


Since after reading your comments, you need to pass these two parameters separately. You need to create variable at each line and then use for concatenation since t-sql does not allow concatenation of variables directly. I got a workaround for you:

declare @drive varchar(max);declare @path varchar(max);declare @fullpath varchar(max);set @drive = @Loc + ':\\';set @path = @Name + '.bak' ;set @fullpath = @drive + @path;BACKUP DATABASE BillingSoftware TO DISK = @fullpath

It looks some extra, but will fulfill your need. Thank me later!

To save yourself from SQL injection, better concatenate filename and path at c# side:

string dbBackupName = "some name here.bak";
            SqlConnection con = new SqlConnection(CS);
            con.Open();
            SqlCommand cmd = new SqlCommand("BACKUP DATABASE BillingSoftware TO DISK = @dbFullName", con);

            cmd.Parameters.AddWithValue("@dbFullName", textBox_BackupDatabaseLocation.Text + "\\" + dbBackupName);
            cmd.ExecuteNonQuery();


来源:https://stackoverflow.com/questions/41378766/is-it-possible-to-execute-a-backup-statement-using-a-parameterised-query

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!