SqlCommand.Prepare method requires all parameters to have an explicitly set type

坚强是说给别人听的谎言 提交于 2020-03-16 05:27:42

问题


I have the following snippet of code in my WCF web service that builds a set of where conditions according to the formatting of the values of a provided dictionary.

public static Dictionary<string, string>[] VehicleSearch(Dictionary<string, string> searchParams, int maxResults)
{
    string condition = "";
    foreach (string key in searchParams.Keys)
    {
        //Split out the conditional in case multiple options have been set (i.e. SUB;OLDS;TOY)
        string[] parameters = searchParams[key].Split(';');
        if (parameters.Length == 1)
        {
            //If a single condition (no choice list) check for wildcards and use a LIKE if necessary
            string predicate = parameters[0].Contains('%') ? " AND {0} LIKE @{0}" : " AND {0} = @{0}";
            condition += String.Format(predicate, key);
        }
        else
        {
            //If a choice list, split out query into an IN condition
            condition += string.Format(" AND {0} IN({1})", key, string.Join(", ", parameters));
        }
    }

    SqlCommand cmd = new SqlCommand(String.Format(VEHICLE_QUERY, maxResults, condition));
    foreach (string key in searchParams.Keys)
        cmd.Parameters.AddWithValue("@" + key, searchParams[key]);
    cmd.Prepare();

Note that the values in the dictionary are explicitly set to strings and that they are the only items being sent into the AddWithValue statements. This produces SQL like this:

SELECT TOP 200 MVINumber AS MVINumber
    , LicensePlateNumber
    , VIN
    , VehicleYear
    , MakeG
    , ModelG
    , Color
    , Color2
FROM [Vehicle_Description_v]
WHERE 1=1 AND VIN LIKE @VIN

And errors out saying that

System.InvalidOperationException: SqlCommand.Prepare method requires all parameters to have an explicitly set type.

All searching that I have done says that I need to tell AddWithValue the type of values that I'm preparing, but all of my prepared values are strings and all examples I've seen don't perform anything extra when they're dealing with strings. What am I missing?


回答1:


Instead of this:

cmd.Parameters.AddWithValue("@" + key, searchParams[key]);

you need to use something like this:

cmd.Parameters.Add("@" + key, SqlDbType.******).Value = searchParams[key];

You need to be able to somehow determine what datatype your parameters will have to be.

This can be something like:

  • SqlDbType.Int for integer values
  • SqlDbType.VarChar for non-Unicode strings (don't forget the specify a length of the string!)
  • SqlDbType.UniqueIdentifier for Guids
    etc.

Using AddWithValue is convenient - but it leaves it up to ADO.NET to guess the datatype, based on the value passed in. Most of the time, those guesses are pretty good - but at times, they can be off.

I would recommend that you always explicitly say what datatype you want.




回答2:


If you read the documentation, you'll see that when you're using SQLCommand.Prepare, you need to use Parameters.Add and assign a datatype to each parameter. There is a good code sample in that link that will show you how to do it.



来源:https://stackoverflow.com/questions/11938985/sqlcommand-prepare-method-requires-all-parameters-to-have-an-explicitly-set-type

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!