sqlcommand

Disposing SqlCommand

笑着哭i submitted on 2021-02-08 02:17:28
Question: Because SqlCommand implements IDisposable, I would normally approach an ADO query as follows.

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand(query, connection))
    {
        // Execute command, etc. here
    }

However, what if I need to execute multiple commands during a single connection? Do I really need a new using block for each command? The examples I found from Microsoft don't use a using block for SqlCommands (or even call Dispose()

How could I pass parameter to sqldataadapter?

只谈情不闲聊 submitted on 2021-01-28 14:17:24
Question: I have tried to pass parameter a value, but what it returns is nothing. If I use a simple sql command without parameter I can retrieve all the data from my database. Here is my code:

    Public Shared Function RetrieveData() As DataTable
        Connection.Open()
        Try
            sql = "SELECT DEP_ID AS CODE, DEP_NAME AS DEPARTMENT FROM DEPART_TBL WHERE " & FieldName & " LIKE N'%@criteria%'"
            da = New SqlDataAdapter
            da.SelectCommand = New SqlCommand(sql, Connection.SQLConnection)
            da.SelectCommand.Parameters.Add("

SqlCommand.Prepare method requires all parameters to have an explicitly set type

坚强是说给别人听的谎言 submitted on 2020-03-16 05:27:42
Question: I have the following snippet of code in my WCF web service that builds a set of where conditions according to the formatting of the values of a provided dictionary.

    public static Dictionary<string, string>[] VehicleSearch(Dictionary<string, string> searchParams, int maxResults)
    {
        string condition = "";
        foreach (string key in searchParams.Keys)
        {
            // Split out the conditional in case multiple options have been set (i.e. SUB;OLDS;TOY)
            string[] parameters = searchParams[key].Split(';');
            if


Is it safe to not parameterize an SQL query when the parameter is not a string?

戏子无情 submitted on 2020-01-22 04:29:12
Question: In terms of SQL injection, I completely understand the necessity to parameterize a string parameter; that's one of the oldest tricks in the book. But when can it be justified to not parameterize an SqlCommand? Are any data types considered "safe" to not parameterize? For example: I don't consider myself anywhere near an expert in SQL, but I can't think of any cases where it would be potentially vulnerable to SQL injection to accept a bool or an int and just concatenate it right into the

SqlDataReader Reader.Read() shows Enumeration yielded no results

我怕爱的太早我们不能终老 submitted on 2020-01-15 15:29:58
Question: I am trying to generate random Ids from a given table. I can see the random number generated in debug but when I reach to reader.Read() line it shows Enumeration yielded no results. I couldn't quite get what I am missing.

    private static void GetRandomId(int maxValue)
    {
        string connectionString = "Data Source=local;Initial Catalog=Test;user id=Test;password=Test123;";
        string queryString = @"SELECT TOP 1 Id from Pointer WHERE Id > (RAND() * @max);";
        using (var connection = new SqlConnection

Parse sql parameters from commandtext

这一生的挚爱 submitted on 2020-01-15 03:08:28
Question: Is it possible to parse sql parameters from plain commandtext? e.g.

    // cmdtext = SELECT * FROM AdWorks.Countries WHERE id = @id
    SqlCommand sqlc = new SqlCommand(cmdtext);
    SqlParameterCollection parCol = sqlc.Parameters; // should contain now 1 parameter called '@id'

Answer 1: If a SQL Server is available, the best option may be to simply ask the server what it thinks; the server has parsing and metadata functions built in, for example sp_describe_undeclared_parameters.

Answer 2: I ended up with this

Keywords in SQL script data causing problems when executing programmatically - C#

断了今生、忘了曾经 submitted on 2020-01-14 05:23:17
Question: I'm fairly new to sql and am having a problem with keywords causing havoc in my sql script. I'm trying to execute a list of premade .sql script files in C#. I'm currently reading the file to a string and executing it with command.ExecuteNonQuery(). This works great for most of the scripts, but I'm running into one that inadvertently contains a keyword:

    INSERT INTO [thetable]
    SELECT '123123', 'abcabc', 'I WANT TO GO TO BED'
    UNION ALL
    SELECT '123124', 'abcdef', 'SOOO TIRED'

Essentially, when it

How to set CommandTimeout

你。 submitted on 2020-01-13 08:29:07
Question: I am using Microsoft.SqlServer.Management.Smo. My Code:

    Server server = new Server(new ServerConnection(new SqlConnection(ConnectionString)));
    server.ConnectionContext.ExecuteNonQuery(script);

I want to set CommandTimeout for it like we do with normal SQLCommand. Please tell me how to set CommandTimeout for queries running through Microsoft.SqlServer.Management.Smo.Server

Answer 1: Try server.ConnectionContext.StatementTimeout

Answer 2: You can set command timeout using the SMO object as shown below:

Must declare the scalar variable “@Login”. Error when trying to add parameter to SqlDataSource

扶醉桌前 submitted on 2020-01-05 05:56:20
Question: I have this error: Must declare the scalar variable "@Login". My code:

    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["intranetv2"].ConnectionString))
    {
        SqlCommand cmd = new SqlCommand("insert into [MyBase].[Dbo].[LogErrors] (Username, StackTrace, ShortDescription, DetailDescription, ErrorType) VALUES (@Login, @Stack, @Message, @Txt, @Source)", conn);
        SqlParameter param = new SqlParameter();
        param.ParameterName = "Login";
        param.Value = user.Login;
        param