1. 首頁
  2. 問答
  3. 參數化SQL插入失敗

參數化SQL插入失敗

2017-03-02 128 views
0

我有一個C#winform應用程序,我試圖將我的插入語句轉換爲參數化的SQL存儲過程。當我ExecuteNonQuery,我回到-1,我似乎無法找出原因。參數化SQL插入失敗

SQL過程:

CREATE PROCEDURE CreateReceiver 
-- Add the parameters for the stored procedure here 
@DBNAME sysname, 
@SiteID varchar(25), 
@Receiver varchar(25), 
@StatusID int, 
@ExpDelDate Date, 
@CreateDate DateTime, 
@CreateUserID varchar(25), 
@CreateUserName varchar(25), 
@ModDate DateTime, 
@ModUserName varchar(25), 
@ModUserID varchar(25), 
@UserField5 varchar(25) 
AS 
BEGIN 

DECLARE @sql NVARCHAR(MAX); 

SET @sql = ' 
INSERT INTO @DBNAME (SiteId, ReceiverNumber, StatusId, ExpectedDeliveryDate, CreatedDate, CreatedUserID, 
CreatedUserName, ModifiedDate, ModifiedUserID, ModifiedUserName, UserField5) VALUES (@SiteID,@Receiver,@StatusID, 
@ExpDelDate,@CreateDate,@CreateUserID,@CreateUserName,@ModDate,@ModUserID,@ModUserName,@UserField5) 
'; 
SET @sql = REPLACE(@sql, '@DBNAME', @DBNAME); 

exec sp_executesql @sql, 
        N'@SiteID varchar(25), @Receiver varchar(25), @StatusID int, @ExpDelDate Date, @CreateDate DateTime, @CreateUserID varchar(25), 
        @CreateUserName varchar(25), @ModDate DateTime, @ModUserID varchar(25), @ModUserName varchar(25), @UserField5 varchar(25)', 
        @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected]; 
END 
GO

這裏是調用過程的C#代碼:

internal static bool BuildReturnReceiver(string pReturnTrackingNumber, string pCustomer, string pSiteId, SqlArgs pSqlArgs) 
    { 
     var pwd = GetPwd(); 
     var sqlCred = new SqlCredential(Sqluser, pwd); 
     var tCatalog = GetDB(pSqlArgs.sqlDB); 

     var sqlConnection = new SqlConnection 
     { 
      ConnectionString = $"Data Source={SqlServer};Initial Catalog=TSC-Telaid;", 
      Credential = sqlCred 
     }; 

     var dbName = $"[{tCatalog}].dbo.[{pSqlArgs.sqlTable}]"; 

     var tExpDelDate = CalculateDays(); 
     var name = GetUser(); 

     var sqlCommand = new SqlCommand 
     { 
      Connection = sqlConnection, 
      CommandType = CommandType.StoredProcedure, 
      CommandText = "CreateReceiver", 
      Parameters = { new SqlParameter("@DBNAME", dbName), new SqlParameter("@SiteID", pSiteId), 
       new SqlParameter("@Receiver", pSqlArgs.sqlFilterValue), new SqlParameter("@StatusID", 56), new SqlParameter("@ExpDelDate", tExpDelDate), 
       new SqlParameter("@CreateDate", DateTime.Now), new SqlParameter("@CreateUserID", WindowsIdentity.GetCurrent().Name), 
       new SqlParameter("@CreateUserName", name), new SqlParameter("@ModDate", DateTime.Now), new SqlParameter("@ModUserID", WindowsIdentity.GetCurrent().Name), 
       new SqlParameter("@ModUserName", name), new SqlParameter("@UserField5", pSqlArgs.sqlUpdateValue)}, 
     }; 

     try 
     { 
      sqlConnection.Open(); 
      return sqlCommand.ExecuteNonQuery().Equals(1); 
     } 
     catch (SqlException ex) 
     { 
      MessageBox.Show(@"Error: " + ex.Message, @"Exception", MessageBoxButtons.OK, 
       MessageBoxIcon.Exclamation); 
      return false; 
     } 
     finally 
     { 
      sqlConnection.Close(); 
     } 

    }

- 編輯 -

更正SQL程序:

Alter PROCEDURE CreateReceiver 
-- Add the parameters for the stored procedure here 
@DBNAME sysname, 
@SiteID varchar(MAX), 
@Receiver varchar(MAX), 
@StatusID int, 
@ExpDelDate Date, 
@CreateDate DateTime, 
@CreateUserID varchar(MAX), 
@CreateUserName varchar(MAX), 
@ModDate DateTime, 
@ModUserName varchar(MAX), 
@ModUserID varchar(MAX), 
@UserField5 varchar(MAX) 
AS 
BEGIN 
DECLARE @sql NVARCHAR(MAX); 

SET @sql = N' 
INSERT INTO ' + @DBNAME + '(SiteId, ReceiverNumber, StatusId, ExpectedDeliveryDate, CreatedDate, CreatedUserID, 
CreatedUserName, ModifiedDate, ModifiedUserID, ModifiedUserName, UserField5) VALUES (@SiteID,@Receiver,@StatusID, 
@ExpDelDate,@CreateDate,@CreateUserID,@CreateUserName,@ModDate,@ModUserID,@ModUserName,@UserField5) 
'; 
--SET @sql = REPLACE(@sql, '@DBNAME', @DBNAME); 

exec sp_executesql @sql, 
        N'@SiteID varchar(MAX), @Receiver varchar(MAX), @StatusID int, @ExpDelDate Date, @CreateDate DateTime, @CreateUserID varchar(MAX), 
        @CreateUserName varchar(MAX), @ModDate DateTime, @ModUserID varchar(MAX), @ModUserName varchar(MAX), @UserField5 varchar(MAX)', 
        @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected]; 
END 
GO

來源

2017-03-02 Drew Jackson

+0

所以...你有錯誤信息嗎? – SqlZim

+0

如果我做'var t = sqlCommand.ExecuteNonQuery',我得到-1 –

回答

0

您無法通過選項卡列名作爲參數(這種情況下它被命名爲@DBNAME)。

您需要製作查詢的這一部分。注意我還在字符串的開頭添加了N。這是爲了避免從ASCII到UNICODE轉換的任何缺陷。

SET @sql = N' 
INSERT INTO ' + @DBNAME + '(....'

- 編輯 -

刪除QUOTENAME感謝SqlZim誰指出,要傳遞的Database.schema.TableName作爲一個單件的數據。 QUOTENAME在這一點上不會奏效。

來源

2017-03-02 19:55:53

+1

它看起來像他在這裏替換它:'SET @sql = REPLACE(@sql,'@DBNAME',@DBNAME);'它包含table name too'var dbName = $「[{tCatalog}]。dbo。[{pSqlArgs.sqlTable}]」;' – SqlZim

相關問題

 相關問題