I want to see a text version of the command I am about to execute that was created using parameters.add - is there a way to do this? (See commented out line below.)
NpgsqlConnection conn = new NpgsqlConnection(connstring);
conn.Open();
NpgsqlCommand cmd = new NpgsqlCommand("insert into \"Min_Bar_Price_Data\" values(:SEC_ID, :PX_OPEN, :PX_HIGH, :PX_LOW, :PX_LAST, :PX_VOLUME, :Date)", conn);
cmd.Parameters.Add(new NpgsqlParameter("SEC_ID", DbType.Int32));
cmd.Parameters.Add(new NpgsqlParameter("PX_OPEN", DbType.Double));
cmd.Parameters.Add(new NpgsqlParameter("PX_HIGH", DbType.Double));
cmd.Parameters.Add(new NpgsqlParameter("PX_LOW", DbType.Double));
cmd.Parameters.Add(new NpgsqlParameter("PX_LAST", DbType.Double));
cmd.Parameters.Add(new NpgsqlParameter("PX_VOLUME", DbType.Double));
cmd.Parameters.Add(new NpgsqlParameter("Date", DbType.DateTime));
cmd.Parameters["SEC_ID"].Value = sec_ID;
cmd.Parameters["PX_OPEN"].Value = 0.0;
cmd.Parameters["PX_HIGH"].Value = 0.0;
cmd.Parameters["PX_LOW"].Value = 0.0;
cmd.Parameters["PX_LAST"].Value = d.Close;
cmd.Parameters["PX_VOLUME"].Value = 1.0;
cmd.Parameters["Date"].Value = d.DT;
//Console.WriteLine("Created command: " + cmd.????);
cmd.ExecuteNonQuery();
The entire idea of prepared statements is that parameters are transmitted out-of-band, as opposed to being "substituted" into the SQL statement. This is done to prevent SQL injection attacks and for optimization purposes.
If only for debugging purposes, you can replace parameter names with appropriate values manually, with a simple regex.
Related
Consider this code....
WHY is it failing telling me that the #PI_CDID parameter value is not set when trying to execute the stored procedure?
Console.WriteLine("Database Opened!");
SqlCommand cmd = new SqlCommand("P_IOU_Track", conn);
cmd.Parameters.Add(new SqlParameter("#PI_CDID", ICDID)); // parameter is added here
cmd.Parameters.Add(new SqlParameter("#PI_Title", ITitle));
cmd.Parameters.Add(new SqlParameter("#PI_Duration", IDuration));
cmd.Parameters.Add(new SqlParameter("#PI_CDNo", ICDNo));
cmd.Parameters.Add(new SqlParameter("#PI_TNo", ITNo));
foreach (SqlParameter p in cmd.Parameters )
{
Console.WriteLine("Parameter , {0} , Value --> {1} ",p.ParameterName, p.Value.ToString());
}
// Add output param
SqlParameter NextTID = new SqlParameter("#PO_NextTID", SqlDbType.BigInt);
NextTID.Direction = ParameterDirection.Output;
cmd.Parameters.Add(NextTID);
// Execute procedure
cmd.ExecuteNonQuery();
You forgot cmd.CommandType = CommandType.StoredProcedure
I have this update:
sql = "UPDATE table SET prioridade = #prioridade, situacao = #sit , responsavel = #resp , previsao_termino = #previsao, chamado_designado = #designado WHERE id = #id";
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = sql;
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add(new MySqlParameter("#prioridade", MySqlDbType.Int32)).Value = ch.Prioridade_ID;
cmd.Parameters.Add(new MySqlParameter("#sit", MySqlDbType.Int32)).Value = ch.Situacao_ID;
cmd.Parameters.Add(new MySqlParameter("#resp", MySqlDbType.Int32)).Value = ch.Responsavel_ID;
cmd.Parameters.Add(new MySqlParameter("#previsao", MySqlDbType.Date)).Value = ch.Previsao_Termino;
cmd.Parameters.Add(new MySqlParameter("#designado", MySqlDbType.Int32)).Value = ch.Chamado_Designado;
cmd.Parameters.Add(new MySqlParameter("#id", MySqlDbType.Int32)).Value = ch.ID;
_dal.Executar(cmd);
the value of ch.Previsao_Termino is equal to 31/05/2013 the field previsao_termino is a date type. When it will make the update it throws me an error saying that:
Wrong Value for the field previsao_termino 0031-05-2013.
Where did that 00 came from ? Maybe the connector ? I updated my connector to a new version, also i updated my VisualStudio 2010 to VisualStudio 2012 and sinced I changed that, i've got a lot of problems u.u.
Answer provided by #EdGibbs
When working with MySqlCommand.Parameters the variable you are passing as its value, MUST be the same type that you set the parameter. e.g
MySqlCommand.Parameter.Add(new MySqlParameter("#ParamName", MySqlDataType.DateTime)).value = dtValue
the varaible dtvalue MUST BE DATETIME TYPE, if like me you are using string, then you should use the following conversion.
DateTime.ParseExact(ch.Previsao_Termino, 'dd/MM/yyyy', null)
I'm having an issue with an update query in C#. It's odd to me that I'm having an issue with update, but select, delete, and insert work.
public void updateTeacherInfo(string SSN, string Classroom, string salary, string tenured, string phone)
{
OracleConnection conn = new OracleConnection("myconnectionstring;");
conn.Open();
OracleCommand cmd = new OracleCommand("Update Teachers Set classroom_number = :TRM, Salary = :TSALARY, Tenured = :TTENURE, Phone_numer = :TPHONE Where SSN = :TSSN", conn);
OracleCommand commit = new OracleCommand("COMMIT", conn);
cmd.Parameters.Add(new OracleParameter(":TSSN", SSN));
cmd.Parameters.Add(new OracleParameter(":TRM", Classroom));
cmd.Parameters.Add(new OracleParameter(":TSALARY", salary));
cmd.Parameters.Add(new OracleParameter(":TTENURE", tenured));
cmd.Parameters.Add(new OracleParameter(":TPHONE", phone));
int i = cmd.ExecuteNonQuery();
int k = commit.ExecuteNonQuery();
MessageBox.Show(i + " rows affected");
MessageBox.Show(k + " rows affected");
conn.Close();
}
Edit* the rest of the method to clear things up, and also, it is not throwing any errors, but does not update the database.
Put the Parameters.Add in proper sequence. In your update query
"Update Teachers Set classroom_number = :TRM, Salary = :TSALARY, Tenured = :TTENURE, Phone_numer = :TPHONE Where SSN = :TSSN"
:TRM is occuring first and likewise. So keep the Parameters.Add also in same sequence. It will work. The sequence will be:
cmd.Parameters.Add(new OracleParameter(":TRM", Classroom));
cmd.Parameters.Add(new OracleParameter(":TSALARY", salary));
cmd.Parameters.Add(new OracleParameter(":TTENURE", tenured));
cmd.Parameters.Add(new OracleParameter(":TPHONE", phone));
cmd.Parameters.Add(new OracleParameter(":TSSN", SSN));
string con = ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;
SqlConnection cn = new SqlConnection(con);
string insert_jobseeker = "INSERT INTO JobSeeker_Registration(Password,HintQuestion,Answer,Date)"
+ " values (#Password,#HintQuestion,#Answer,#Date)";
SqlCommand cmd = new SqlCommand();
cmd.Connection = cn;
cmd.CommandType = CommandType.Text;
cmd.CommandText = insert_jobseeker;
cmd.Parameters.Add(new SqlParameter("#Password", SqlDbType.VarChar, 50));
cmd.Parameters["#Password"].Value = txtPassword.Text;
cmd.Parameters.Add(new SqlParameter("#HintQuestion", SqlDbType.VarChar, 50));
cmd.Parameters["#HintQuestion"].Value = ddlQuestion.Text;
cmd.Parameters.Add(new SqlParameter("#Answer", SqlDbType.VarChar, 50));
cmd.Parameters["#Answer"].Value = txtAnswer.Text;
**cmd.Parameters.Add(new SqlParameter("#Date", SqlDbType.DateTime));
cmd.Parameters["#Date"].Value = System.DateTime.Now**
I got error that
"SqlDateTime overflow. Must be between 1/1/1753 12:00:00 AM and
12/31/9999 11:59:59 PM."
What's the solution for this ?
Try changing the Type of #Date on the SQL Server side to DATETIME2(7)
Then in your code use this line instead:
cmd.Parameters.Add(new SqlParameter("#Date", SqlDbType.DateTime2));
Your code looks okay as shown but possibly something is going on with the conversion due to a localization issue or something wrong with your Region/Time settings so see if this works.
If you are working with SQL Server 2008 and above, you can do this:
Step 1: Change your #Date datatype from DATETIME to DATETIME2(7)
Step 2: In your codebehind, use this:
SqlDbType.DateTime2
"Date" is a keyword, do not use it as a column name.
If you have to, enclose it in [] in your insert statement: [Date]
But it would be better to change it to something else, for example "RegistrationDate".
I am trying to access a stored procedure and I'm getting an error that says:
Procedure or function 'getbug' expects parameter '#bugID', which was not supplied.
This is my code to call the procedure.
SqlCommand cmd = new SqlCommand("getbug", cn);
cmd.Parameters.Add(new SqlParameter("bugID", bugID));
bugID is set as 1089 (and is type int)
I can't figure out why this won't work.
Try this instead
SqlCommand cmd = new SqlCommand("getbug", cn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("#bugID", bugID));
Try adding the "#" to the parameter
SqlCommand cmd = new SqlCommand("getbug", cn);
cmd.Parameters.Add(new SqlParameter("#bugID", bugID));
More code will help. Here's a couple of ideas though.
If you're calling a stored procedure, you need to specify the CommandType. Also, you can use the AddWithValue method to shorten your code.
using (var cn = new SqlConnection("your connection string"))
{
using (var cmd = new SqlCommand("getbug", cn))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#bugID", bugID);
//etc...
}
}