Part of our solution is a page that displays company-specific information using an ASP Gridview
. Our method of constructing the SQL that feeds the Gridview
is by using C# to build a custom SELECT
statement based on a series of user inputs.
Once the user applies their filters through a button click
, C# loops through all of their selections (check boxes and text boxes
) and then propagates those selections to a separate method which constructs a WHERE
clause to append to a simple SELECT
statement. We use a Table-Valued Function in the FROM statement
, and the only input parameter is from the Querystring
and this does not change throughout the process.
Once the query has been assembled using C#, we apply this query to the SqlDataSource
as the Select Command
. However, we have recently discovered a very bizarre SQL error that we haven’t seen before:
Errors :
"The variable name '@' has already been declared
.
Variable names must be unique within a query batch or stored procedure.
"
We aren’t declaring any variables in our SQL. As stated above, the only input parameter comes from the Querystring
, and we access this parameter using both QueryStringParameters
in the ASP:SqlDataSource
on the ASP side and “<code>int.Parse(Request.QueryString["id"]).ToString()” on the C# side while constructing the SQL query.
After researching this error, I have yet to find an instance where the variable declaration is empty. Most people are getting errors similar to this when they have declared a variable such as '@email' or '@address'
twice. We have no double declarations, and the fact that the variable in the error is not defined is causing a massive headache.
Has anyone seen anything like this before or have any suggestions on how to further debug?
I'll post some code if need be, but we are mostly interested to see if anyone has seen an error like this before.
Code:
string MainQueryStr = ResultsPages.SearchString(SearchVariables(), Request,
ProjectsSqlds, 0, "SELECT DISTINCT dbo.{0}.* FROM dbo.{0}(" + int.Parse(Request.QueryString["id"]).ToString() + ")",
"getXyzById", "AbcId");
StringBuilder SearchQueryStr = new StringBuilder();
SearchQueryStr.Append(MainQueryStr);
SearchQueryStr.Append(" ORDER BY AbcName");
ProjectsSqlds.SelectCommand = SearchQueryStr.ToString();
The search string function is a 500 line method that we can't post right now. It is used all over our solution and works as it should. It stitches together strings to create the query.
This is how the SearchString function appends the parameters:
l.Add(ResultsPages.NewSearchQueryString(ABCFiltersTxBx, SearchQueryStringVariableType.String,
"{1}.AbcID IN (" + ABCFiltersTxBx.Text + ")"));
Where the ABCFiltersTxBx is parsed into a comma separated string.