1. 首页
  2. 问答
  3. 参数化SQL插入失败

参数化SQL插入失败

2017-03-02 125 views
0

我有一个C#winform应用程序,我试图将我的插入语句转换为参数化的SQL存储过程。当我ExecuteNonQuery,我回到-1,我似乎无法找出原因。参数化SQL插入失败

SQL过程:

CREATE PROCEDURE CreateReceiver 
-- Add the parameters for the stored procedure here 
@DBNAME sysname, 
@SiteID varchar(25), 
@Receiver varchar(25), 
@StatusID int, 
@ExpDelDate Date, 
@CreateDate DateTime, 
@CreateUserID varchar(25), 
@CreateUserName varchar(25), 
@ModDate DateTime, 
@ModUserName varchar(25), 
@ModUserID varchar(25), 
@UserField5 varchar(25) 
AS 
BEGIN 

DECLARE @sql NVARCHAR(MAX); 

SET @sql = ' 
INSERT INTO @DBNAME (SiteId, ReceiverNumber, StatusId, ExpectedDeliveryDate, CreatedDate, CreatedUserID, 
CreatedUserName, ModifiedDate, ModifiedUserID, ModifiedUserName, UserField5) VALUES (@SiteID,@Receiver,@StatusID, 
@ExpDelDate,@CreateDate,@CreateUserID,@CreateUserName,@ModDate,@ModUserID,@ModUserName,@UserField5) 
'; 
SET @sql = REPLACE(@sql, '@DBNAME', @DBNAME); 

exec sp_executesql @sql, 
        N'@SiteID varchar(25), @Receiver varchar(25), @StatusID int, @ExpDelDate Date, @CreateDate DateTime, @CreateUserID varchar(25), 
        @CreateUserName varchar(25), @ModDate DateTime, @ModUserID varchar(25), @ModUserName varchar(25), @UserField5 varchar(25)', 
        @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected]; 
END 
GO

这里是调用过程的C#代码:

internal static bool BuildReturnReceiver(string pReturnTrackingNumber, string pCustomer, string pSiteId, SqlArgs pSqlArgs) 
    { 
     var pwd = GetPwd(); 
     var sqlCred = new SqlCredential(Sqluser, pwd); 
     var tCatalog = GetDB(pSqlArgs.sqlDB); 

     var sqlConnection = new SqlConnection 
     { 
      ConnectionString = $"Data Source={SqlServer};Initial Catalog=TSC-Telaid;", 
      Credential = sqlCred 
     }; 

     var dbName = $"[{tCatalog}].dbo.[{pSqlArgs.sqlTable}]"; 

     var tExpDelDate = CalculateDays(); 
     var name = GetUser(); 

     var sqlCommand = new SqlCommand 
     { 
      Connection = sqlConnection, 
      CommandType = CommandType.StoredProcedure, 
      CommandText = "CreateReceiver", 
      Parameters = { new SqlParameter("@DBNAME", dbName), new SqlParameter("@SiteID", pSiteId), 
       new SqlParameter("@Receiver", pSqlArgs.sqlFilterValue), new SqlParameter("@StatusID", 56), new SqlParameter("@ExpDelDate", tExpDelDate), 
       new SqlParameter("@CreateDate", DateTime.Now), new SqlParameter("@CreateUserID", WindowsIdentity.GetCurrent().Name), 
       new SqlParameter("@CreateUserName", name), new SqlParameter("@ModDate", DateTime.Now), new SqlParameter("@ModUserID", WindowsIdentity.GetCurrent().Name), 
       new SqlParameter("@ModUserName", name), new SqlParameter("@UserField5", pSqlArgs.sqlUpdateValue)}, 
     }; 

     try 
     { 
      sqlConnection.Open(); 
      return sqlCommand.ExecuteNonQuery().Equals(1); 
     } 
     catch (SqlException ex) 
     { 
      MessageBox.Show(@"Error: " + ex.Message, @"Exception", MessageBoxButtons.OK, 
       MessageBoxIcon.Exclamation); 
      return false; 
     } 
     finally 
     { 
      sqlConnection.Close(); 
     } 

    }

- 编辑 -

更正SQL程序:

Alter PROCEDURE CreateReceiver 
-- Add the parameters for the stored procedure here 
@DBNAME sysname, 
@SiteID varchar(MAX), 
@Receiver varchar(MAX), 
@StatusID int, 
@ExpDelDate Date, 
@CreateDate DateTime, 
@CreateUserID varchar(MAX), 
@CreateUserName varchar(MAX), 
@ModDate DateTime, 
@ModUserName varchar(MAX), 
@ModUserID varchar(MAX), 
@UserField5 varchar(MAX) 
AS 
BEGIN 
DECLARE @sql NVARCHAR(MAX); 

SET @sql = N' 
INSERT INTO ' + @DBNAME + '(SiteId, ReceiverNumber, StatusId, ExpectedDeliveryDate, CreatedDate, CreatedUserID, 
CreatedUserName, ModifiedDate, ModifiedUserID, ModifiedUserName, UserField5) VALUES (@SiteID,@Receiver,@StatusID, 
@ExpDelDate,@CreateDate,@CreateUserID,@CreateUserName,@ModDate,@ModUserID,@ModUserName,@UserField5) 
'; 
--SET @sql = REPLACE(@sql, '@DBNAME', @DBNAME); 

exec sp_executesql @sql, 
        N'@SiteID varchar(MAX), @Receiver varchar(MAX), @StatusID int, @ExpDelDate Date, @CreateDate DateTime, @CreateUserID varchar(MAX), 
        @CreateUserName varchar(MAX), @ModDate DateTime, @ModUserID varchar(MAX), @ModUserName varchar(MAX), @UserField5 varchar(MAX)', 
        @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected], @[email protected], @[email protected], 
        @[email protected], @[email protected]; 
END 
GO

来源

2017-03-02 Drew Jackson

+0

所以...你有错误信息吗? – SqlZim

+0

如果我做'var t = sqlCommand.ExecuteNonQuery',我得到-1 –

回答

0

您无法通过选项卡列名作为参数(这种情况下它被命名为@DBNAME)。

您需要制作查询的这一部分。注意我还在字符串的开头添加了N。这是为了避免从ASCII到UNICODE转换的任何缺陷。

SET @sql = N' 
INSERT INTO ' + @DBNAME + '(....'

- 编辑 -

删除QUOTENAME感谢SqlZim谁指出,要传递的Database.schema.TableName作为一个单件的数据。 QUOTENAME在这一点上不会奏效。

来源

2017-03-02 19:55:53

+1

它看起来像他在这里替换它:'SET @sql = REPLACE(@sql,'@DBNAME',@DBNAME);'它包含table name too'var dbName = $“[{tCatalog}]。dbo。[{pSqlArgs.sqlTable}]”;' – SqlZim

相关问题

 相关问题