-2

I have trouble converting this to stored procedure

//The string included in the sql statement:

        string employer = Session["Employer"].ToString();

then the sql statement

update tblWorkData set EmployerName='"+txtemployername.text+"' where EmployerName='"+Employer+"' //the string above

This works fine in asp.net But when I turn it into stored procedure,

    create proc updateWork

    @EmployerName nvarchar(max)

    as

    begin

    update tblWorkData set EmployerName=@EmployerName where EmployerName=@EmployerName
    end

Now when I execute the sp on asp.net,

    string update = "updateWork '"+employer+"','"+txtemployername.text+"'";

I got an error saying "too many arguements". What should I do?

4

2 回答 2

1

您的存储过程只接受一个参数,而您用两个参数调用它。要解决此问题,您需要更改过程以采用如下两个参数:

create proc updateWork
  @EmployerName nvarchar(max),
  @Employer nvarchar(max)

as

  begin

  update tblWorkData set EmployerName=@EmployerName where EmployerName=@Employer

  end

我改变了where条款,因为我猜你是故意的。和以前一样,它实际上根本没有做任何事情。

在旁注中,您可能想了解如何正确调用过程以及如何以不易受 SQL 注入攻击的方式添加参数。

于 2013-09-01T14:12:52.947 回答
0

您必须连接到数据库才能执行 sql 语句:

     string employer = Session["Employer"].ToString();

     // assume connectionString is a valid connection string

     using (SqlConnection connection = new SqlConnection(connectionString))
     {
         connection.Open();
         SqlCommand command = connection.CreateCommand();
         command.CommandText = "updatework";
         command.CommandType = CommandType.StoredProcedure;
         command.Parameters.AddWithValue("@EmployerName", employer);
         command.ExecuteNonQuery();
     }
于 2013-09-01T14:19:21.983 回答