Dynamic SQL query with parameters in C#

I want to build a dynamic query in which the column name and the table name are parameters.

Here is the code I wrote:

string query = "DECLARE @sqlQuery varchar(max); " +
               " SELECT @sqlQuery = 'select distinct [@columnName] from [" + 
                   Globals.REPORTING_SCHEMA + "].[@tableName]'; " +
               " exec(@sqlQuery);";

List<SqlParameter> parametersList = new List<SqlParameter>();

SqlParameter param = new SqlParameter();
param.ParameterName = "tableName";
param.SqlDbType = System.Data.SqlDbType.VarChar;
param.Value = request.TableName;
parametersList.Add(param);

param = new SqlParameter();
param.ParameterName = "columnName";
param.SqlDbType = System.Data.SqlDbType.VarChar;
param.Value = request.ColumnName;
parametersList.Add(param);

SQLHelpher sqlHelper = new SQLHelpher(networkConnectionString);
SqlDataReader dataReader = sqlHelper.ExecuteReader(query, parametersList);

I created two parameters, @columnName and @tableName, which are passed to this function:

public SqlDataReader ExecuteReader(string sql, List<SqlParameter> parametersList = null)
{
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = this._connectionString;
    conn.Open();

    SqlCommand cmd = new SqlCommand();
    cmd.Connection = conn;
    cmd.CommandText = sql;
    cmd.CommandType = CommandType.Text;

    if (parametersList != null)
    {
        foreach (SqlParameter p in parametersList)
        {
            cmd.Parameters.Add(p);
        }
    }

    SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
    return reader;
}

This gives me the following error:

"Invalid object name 'reporting.@tableName'"

It seems that the parameter values are not substituted when the command is executed. What am I missing here?

You just need to tweak your SQL query string slightly, because as far as SQL is concerned your parameters are part of the string literal.

Changing it to this should work:

string query = "DECLARE @sqlQuery varchar(max); " +
    " SELECT @sqlQuery = 'select distinct [' + @columnName + '] from [" +
         Globals.REPORTING_SCHEMA + "].[' + @tableName + ']'; " +
    " exec(@sqlQuery);";
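The rewrite above makes the parameters work, but the values still end up as raw text inside the batch that `exec()` runs, bracketed only by literal `[`/`]`, so a table or column name containing `]` terminates the identifier early. The following added example (not the asker's `SQLHelpher` code nor the answerer's) keeps the same query but has SQL Server quote the identifiers with `QUOTENAME()` and first checks them against `sys.columns`, so only a real column of a real table in the given schema can be selected. `connectionString`, `schema`, `tableName` and `columnName` are assumed inputs.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the question or the answer.
public static class DistinctValuesQuery
{
    // The identifiers never enter the dynamic statement as raw text:
    // the catalog lookup rejects anything that is not an existing column,
    // and QUOTENAME() brackets each name and doubles any ']' inside it.
    private const string Sql = @"
IF NOT EXISTS (
    SELECT 1
    FROM sys.columns c
    JOIN sys.tables  t ON t.object_id = c.object_id
    JOIN sys.schemas s ON s.schema_id = t.schema_id
    WHERE s.name = @schema AND t.name = @tableName AND c.name = @columnName)
    THROW 50000, 'Unknown schema, table or column.', 1;

DECLARE @sqlQuery nvarchar(max) =
    N'SELECT DISTINCT ' + QUOTENAME(@columnName) +
    N' FROM ' + QUOTENAME(@schema) + N'.' + QUOTENAME(@tableName) + N';';
EXEC sp_executesql @sqlQuery;";

    public static List<string> Run(string connectionString, string schema,
                                   string tableName, string columnName)
    {
        var values = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            // sysname is nvarchar(128); sizing the parameters to match avoids
            // silently truncating a long name into a different one.
            cmd.Parameters.Add("@schema", SqlDbType.NVarChar, 128).Value = schema;
            cmd.Parameters.Add("@tableName", SqlDbType.NVarChar, 128).Value = tableName;
            cmd.Parameters.Add("@columnName", SqlDbType.NVarChar, 128).Value = columnName;

            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    values.Add(reader.IsDBNull(0) ? null : reader.GetValue(0).ToString());
            }
        }
        return values;
    }
}
```

Pass `Globals.REPORTING_SCHEMA` as the `schema` argument to reproduce the original query; a name that fails the catalog check surfaces as a `SqlException` rather than as a mangled statement.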