0

I have the following code that I am using to insert a number of rows into a database:

   _conn.Open();
   SqlCommand command = new SqlCommand(_insert[0].ToString(), _conn);
   command.Parameters.AddRange((_insert[1] as List<SqlParameter>).ToArray());
   Int32 rowsAffected = command.ExecuteNonQuery();
   _conn.Close();

The command (_insert[1].ToString()) is:

"INSERT INTO Candidate (id, name) VALUES ({0},{1}),({2},{3}),({4},{5}),({6},{7}),
({8},{9}),({10},{11}),({12},{13}),({14},{15}),({16},{17}),({18},{19}),({20},{21}),
({22},{23}),({24},{25}),({26},{27}),({28},{29}),({30},{31}),({32},{33}),({34},{35}),
({36},{37}),({38},{39})"

and the command parameters are like this (from VS debug):

[0] - ParameterName = "0", SqlDbType = BigInt, Value = 21400
[1] - ParameterName = "1", SqlDbType = NVarChar, Value = "Dan Smith"
[2] - ParameterName = "2", SqlDbType = BigInt, Value = 21401
[3] - ParameterName = "3", SqlDbType = NVarChar, Value = "Doug Smith"
[4] - ParameterName = "4", SqlDbType = BigInt, Value = 21402
[5] - ParameterName = "5", SqlDbType = NVarChar, Value = "Danielle Smith"

The error I am getting is "Incorrect syntax near '0'." Can someone tell me what is causing this?

In case it matters here is where I am creating the parameter array (separate function that iterates over JSON returned from API):

    foreach (KeyValuePair<string, object> _attribute in _field)
    {
        // '_score' is an attribute included with each entity when doing a search
        // indicating the matching score of the query, we don't want this in the database
        if (_attribute.Key.ToString() != "_score")
        {
            _insertQuery.AppendFormat("{{{0}}},", _paramNumber);
            _paramValues.Add(new SqlParameter(_paramNumber.ToString(), _attribute.Value));
            _paramNumber++;
        }
    }
    return new object[] {_insertQuery.ToString(), _paramValues };

I am doing this as I am retrieving various objects from an API and then inserting into a local database. I cannot create a class for each of these objects (requirements are to make this generic).

UPDATE:

I updated the code to prepend the _paramNumber with "@" so each parameter is now @0, @1, etc. and I am now getting this error:

"Incorrect syntax near '@0'."

The insert statement is as follows:

"INSERT INTO Candidate (id, name) VALUES ({@0},{@1}),({@2},{@3}),({@4},{@5}),({@6},{@7}),
({@8},{@9}),({@10},{@11}),({@12},{@13}),({@14},{@15}),({@16},{@17}),({@18},{@19}),
({@20},{@21}),({@22},{@23}),({@24},{@25}),({@26},{@27}),({@28},{@29}),({@30},{@31}),
({@32},{@33}),({@34},{@35}),({@36},{@37}),({@38},{@39})"

and the parameters are like this:

[0] - ParameterName = "@0", SqlDbType = BigInt, Value = 21400
[1] - ParameterName = "@1", SqlDbType = NVarChar, Value = "Dan Smith"
[2] - ParameterName = "@2", SqlDbType = BigInt, Value = 21401
[3] - ParameterName = "@3", SqlDbType = NVarChar, Value = "Doug Smith"
[4] - ParameterName = "@4", SqlDbType = BigInt, Value = 21402
[5] - ParameterName = "@5", SqlDbType = NVarChar, Value = "Danielle Smith"
4

2 回答 2

1

如果您在查询中使用直接参数,而不是使用 String.Format 格式化查询字符串本身,则应仅在查询中使用格式为 @parameterName 的参数,如下所示。

"INSERT INTO Candidate (id, name) VALUES (@0,@1),(@2,@3),(@4,@5),(@6,@7),
(@8,@9),(@10,@11),(@12,@13),(@14,@15),(@16,@17),(@18,@19),
(@20,@21),(@22,@23),(@24,@25),(@26,@27),(@28,@29),(@30,@31),
(@32,@33),(@34,@35),(@36,@37),(@38,@39)"
于 2014-04-28T14:16:00.530 回答
1

从我从您的问题中推断出来,您正试图将其{number}用作参数名称。我个人认为这是不正确的。

你应该使用@yourParameterName

于 2014-04-28T13:52:20.760 回答