问题
I am currently trying to build up the where clause of an SqlCommand.
something similar to this
myCommand.CommandText = "SELECT * " +
"FROM TABLE1 " +
"@whereClause";
//I build up the where clause with a StringBuilder
myCommand.Parameters.AddWithValue("@whereClause" theClause.ToString());
But it doesn't seem like this is possible. I got the exception :
SqlException Incorrect syntax near '@whereClause'
The reason I want to do something like this is because I want to avoid X call to the database and this way I leave sorting and filtering to the server.
Is there anyway to do something similar to this?
/edit : The where clause would look something like this WHERE (TABLE1.COL1 = 'the value' OR TABLE1.COL1 = 'another value' OR TABLE1.COL1 = 'this value' ... )
/edit Finaly this was due to a stupid typo error... after I changed to not use the parametrize query. I'll upvote those answer who helped my out. I will mark as answer what was to closer to fix my situation even if it didn't fixed my (stupid) bug
回答1:
It seems you're trying to add the entire WHERE clause as a parameter - that won't work!
So suppose you need to build something like this
SELECT * from TABLE1 WHERE Field1=@Field1Value and Field2=@Field2Value
And assuming
- you have a
List<WhereField>of fields to include in the WHERE clause - and that all clauses are ANDed together
- and
WhereFieldlooks something like this
public class WhereField
{
public string FieldName{get;set;}
public object FieldValue{get;set;}
public string ComparisonOperator{get;set;}
}
then you have something like this:
var whereClause = new StringBuilder();
foreach (var field in WhereFields)
{
whereClause.Append(field.FieldName)
.Append(field.ComparisonOperator)
.Append("@")
.Append(field.FieldName).Append("Value")
.Append (" AND ");
//add the parameter as well:
myCommand.Parameters.AddWithValue("",field.FieldName+"Value");
}
//cleanly close the where clause
whereClause.Append("1=1");
And now you can execute
myCommand.CommandText = "SELECT * " +
"FROM TABLE1 WHERE " + whereClause.ToString();
回答2:
You can't use a clause (where) with parameters, you are only allowed to use parameters with command.Parameters.
To build a dynamic Where clause, you have to build your query based on conditions and string concatenation and then add the parameters accordingly.
Something like:
sb.Append("SELECT * FROM TABLE1 ");
if (someCondition)
{
sb.Append("WHERE XColumn = @XColumn");
myCommand.Parameters.AddWithValue("@XColumn", "SomeValue");
}
else
{
sb.Append("WHERE YColumn = @YColumn");
myCommand.Parameters.AddWithValue("@YColumn", "SomeOtherValue");
}
myCommand.CommandText = sb.ToString();
回答3:
May be you need
myCommand.CommandText = "SELECT * " +
"FROM TABLE1 WHERE " +
"@whereClause";
来源:https://stackoverflow.com/questions/19118245/dynamic-where-clause-in-parameter