0

我不确定问题是什么,但我的代码如下所示:

function() {
string sqltext2;
sqltext2 = "INSERT into myTable";
SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2);

if (cond1) {

    sqltext2 = sqltext2 + "SELECT" + "@initOwnerFirstName" + "," + "@ownerFirstName"  + "UNION ALL ";
    SqlParameter param = new SqlParameter();
    param.ParameterName = "@initOwnerFirstName";
    param.Value = initOwnerFirstName;
    SqlParameter param2 = new SqlParameter();
    param2.ParameterName = "@ownerFirstName";
    param2.Value = owner.FirstName;
    myCommand2.Parameters.Add(param);
    myCommand2.Parameters.Add(param2);

我对参数化 SQL 完全陌生,但语法对我来说似乎是正确的。我不断收到的错误是:

必须声明标量变量“@initOwnerFirstName”。我写这样的语句的原因是因为我打算有多个其他 if 语句将添加到 SQLtext

编辑:这是 if 语句之后的完整代码部分,因为如果没有其他变量,我的语法几乎没有意义。这在 JYelton 建议之后被清理了,但我仍然遇到同样的错误。

sqltext2 = sqltext2 + "SELECT" + "'" + currentUserId2 + "'," + "'" +  owner.Id.ToString() + "'," + "'" + DateTime.Now + "'," + "'FirstName', @initOwnerFirstName, @ownerFirstName UNION ALL ";
myCommand2.Parameters.AddWithValue("initOwnerFirstName", initOwner.FirstName);
myCommand2.Parameters.AddWithValue("OwnerFirstName", owner.FirstName);
4

2 回答 2

2

问题可能是您正在连接没有空格的字符串。您也不需要连接。请参阅下面的更新:

function() {
string sqltext2;
sqltext2 = "INSERT into dbo.OwnerChanges ";
SqlCommand myCommand2 = new SqlCommand(sqltext2, MyConnection2);

if (cond1) {
    //no concatenating
    sqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";
    SqlParameter param = new SqlParameter();
    param.ParameterName = "@initOwnerFirstName";
    param.Value = initOwnerFirstName;
    SqlParameter param2 = new SqlParameter();
    param2.ParameterName = "@ownerFirstName";
    param2.Value = owner.FirstName;
    myCommand2.Parameters.Add(param);
    myCommand2.Parameters.Add(param2);

I'm not sure what the rest of your code does but I suspect you are leaving a trailing UNION ALL at the end of all that. You could probably benefit by just putting each sub query into an array and using String.Join on them.

UPDATE:

I think I see the issue. You need to update CommandText and not the original string. So change this:

sqltext2 = sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";

to this:

myCommand2.CommandText= sqltext2 + " SELECT @initOwnerFirstName , @ownerFirstName UNION ALL ";

于 2011-06-24T18:39:14.907 回答
2

Here's how parameterized queries work:

using (SqlConnection conn = new SqlConnection("connectionstring"))
{
    using SqlCommand cmd = conn.CreateCommand())
    {
        cmd.CommandText = @"INSERT INTO mytable
            (initOwnerFirstName, ownerFirstName)
            VALUES (@initOwnerFirstName, @ownerFirstName);";
        cmd.Parameters.AddWithValue("initOwnerFirstName", initOwner.FirstName);
        cmd.Parameters.AddWithValue("ownerFirstName", owner.FirstName);
        // ... execute query
    }
}

It looks like you are inserting into myTable the results of a SELECT statement, but you are trying to pass parameters where the column names should go. The Parameter will replace the @variablename with the value, thus: Parameters are for the values, not the column names.

For multiple values, use parenthesis to specify the set, separated by commas:

INSERT INTO mytable (col1, col2) VALUES ("a", "b"), ("c", "d"), ("e", "f");

You can modify the query string appropriately to fit this syntax.

More information: SQL Insert Syntax

于 2011-06-24T18:50:17.893 回答