I have written this procedure in SQL Server:
ALTER proc [dbo].[cazacliente2]
(#vbusca nvarchar(60), #bo int)
as
if #bo= 1
begin
select idcliente, nome, endere, tel, pedido from Vw_Conscliente
where nome like #vbusca
end
if #bo = 2
begin
select idcliente, nome, endere, tel, pedido from Vw_Conscliente
where endere like #vbusca
end
if #bo = 3
begin
select idcliente, nome, endere, tel, pedido from Vw_Conscliente
where tel like #vbusca
end
if #bo = 4
begin
select idcliente, nome, endere, tel, pedido from Vw_Conscliente
where pedido like #vbusca
end
and this code in asp.net :
{
string valorC = "%" + TextBox1.Text + "%"; numo = DropDownList1.SelectedValue;
string valorB = valorC.Replace(" ", "%");
switch (numo)
{
case "Nome": num3 = 1; break; case "Endereço": num3 = 2; break ;
case "Telefone": num3 = 3 ; break; case "Pedido": num3 = 4; break ;
}
SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "cazacliente2";
SqlParameter valor = new SqlParameter("#vbusca", SqlDbType.NVarChar);
SqlParameter num = new SqlParameter("#bo",SqlDbType.Int );
valor.Value = valorB ; num.Value = num3 ;
cmd.Parameters.Add(valor); cmd.Parameters.Add(num);
if (conex1.State == ConnectionState.Closed)
{ conex1.Open(); }
cmd.Connection = conex1;
try
{
GridView1.EmptyDataText = "Nao se" + numo.ToString() +"encontraron registros";
GridView1.DataSource = cmd.ExecuteReader();
GridView1.DataBind();
}
catch (Exception ex)
{ throw ex; }
finally
{ conex1.Close(); }
}
When I pass the string afonso pena the procedure returns all the data just fine, but when I pass in afonso 60, it returns an error, and when I pass a name that is not in the database it breaks again, it is like the part catch does not work.
When your question involves an error, it's a great idea to include the error message you see in your question. As it's difficult to debug without knowing the error message, try the following to narrow down where the problem might be.
Try restructuring your code to catch any possible errors before you try databinding your GridView:
{
/*
* put the try at the top of the block to catch exceptions
* that may occur before you bind the GridView's datasource
*/
try
{
numo = DropDownList1.SelectedValue;
string valor = "%" + TextBox1.Text.Replace(" ", "%") + "%"; // no reason to NOT one-line this
/*
* This would probably be easier to maintain if DropDownList1
* was bound to an enumeration of these values:
* DataTextField="someTextField"
* DataValueField="someCorrespondingNumericField"
* If bound that like above, your switch statement becomes:
* Integer.Parse(DropDownList1.SelectedValue, numo);
* and numo then contains 1, 2, 3, or 4 thus eliminating the need for the variable num3.
*/
switch (numo)
{
case "Nome":
num3 = 1;
break;
case "Endereço":
num3 = 2;
break;
case "Telefone":
num3 = 3;
break;
case "Pedido":
num3 = 4;
break;
}
SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "cazacliente2";
// add parameters and set values all at once
cmd.Parameters.Add("#vbusca", SqlDbType.NVarChar, 60).Value = valor;
cmd.Parameters.Add("#bo",SqlDbType.Int).Value = num3;
if (conex1.State == ConnectionState.Closed)
{
conex1.Open();
}
cmd.Connection = conex1;
GridView1.EmptyDataText = "Nao se " + numo.ToString() +" encontraron registros";
GridView1.DataSource = cmd.ExecuteReader();
GridView1.DataBind();
}
catch (Exception ex)
{
throw ex;
}
finally
{
conex1.Close();
}
}
Also, your stored procedure can be written a little more cleanly:
ALTER PROCEDURE [dbo].[cazacliente2] (
#vbusca nvarchar(60)
, #bo int
)
AS
SELECT idcliente
, nome
, endere
, tel
, pedido
FROM Vw_Conscliente
WHERE CASE
WHEN #bo = 1 THEN nome
WHEN #bo = 2 THEN endere
WHEN #bo = 3 THEN tel
WHEN #bo = 4 THEN pedido
END LIKE #vbusca
I would move the wild card to the TSQL instead of the C#. That way you can test it independently.
Your definition shows a maximum length of 60.
#vbusca nvarchar(60)
Is the parameter you passing from C# to SQL greater than that? You should look at the local variable on a break point in Visual Studio to confirm this is not true.
Also, replacing spaces inside the parameter means that the logical words in side the parameter just need to match in any order. Is this what you want?
'afonso 60' matches 'afsonso when to the store to by milk that cost 60 dollars'
Check out MSDN for wild card usage:
http://technet.microsoft.com/en-us/library/ms189454.aspx
I used dynamic SQL below since it reduces the overall code size.
Sample code change:
ALTER PROC [dbo].[cazacliente2] (#vbusca nvarchar(32), #bo int) AS
BEGIN
-- Local variables
DECLARE #statement VARCHAR(MAX);
DECLARE #field VARCHAR(MAX);
DECLARE #expression VARCHAR(MAX);
-- Make the expression (exact match of #vbusca)
SET #expression = '%' + REPLACE(#vbusca,'''', '''''') + '%';
-- Optional way (match words in #vbusca in order)
-- SET #expression = '%' + REPLACE(REPLACE(#vbusca,'''', ''''''), ' ', '%') + '%'
-- Which field
SELECT #field =
CASE #bo
WHEN 1 then 'nome'
WHEN 2 then 'endere'
WHEN 3 then 'tel'
WHEN 4 then 'pedido'
ELSE 'nome'
END;
-- Make up the dynamic SQL
SET #statement = 'select idcliente, nome, endere, tel, pedido ' +
' from Vw_Conscliente where ' + #field + ' like ' + #expression;
-- Execute the SQL statement
EXEC #statement;
END;
I will be adding a caution advisory to any dynamic TSQL that I write in the future. Here is a link on how to handle injection issues.
http://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
Updated SP to handle issues by reducing search pattern size and handling single quotes inside the parameter.
I think this is the best solution so far, no SQL injection, does handle when invalid #bo is passed, defaults to nome.
ALTER PROCEDURE [dbo].[cazacliente2] (#vbusca nvarchar(60), #bo int)
AS
SELECT
idcliente
, nome
, endere
, tel
, pedido
FROM
Vw_Conscliente
WHERE
CASE
WHEN #bo = 1 THEN nome
WHEN #bo = 2 THEN endere
WHEN #bo = 3 THEN tel
WHEN #bo = 4 THEN pedido
ELSE nome
END LIKE #vbusca;
Related
I made a Stored Procedure in SQL SERVER. When I call the stored procedure in the c# application, the following error occurs: Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, , >= or when the subquery is used as an expression
I don't understand why this error occurs, because I am returning 1 single INT value.
ALTER PROCEDURE [dbo].[spToevoegenUitslag]
#intPersoonID INT,
#intPersoonIDSnelsteRonde INT,
#intPersoonIDPolePosition INT,
#intGrandPrixID INT,
#intPuntenID INT,
#intSeizoenID INT,
#intID INT = NULL
AS
BEGIN
--Toevoegen punten van uitslag GrandPrix
SELECT #intID = COUNT(ID) + 1 FROM tblPuntenCoureur
INSERT INTO tblPuntenCoureur (ID, PersoonID, GrandPrixID, PuntenID, SeizoenID)
VALUES (#intID, #intPersoonID, #intGrandPrixID, #intPuntenID, #intSeizoenID)
--Toevoegen deelnemers van de GrandPrix
SELECT #intID = COUNT(ID) + 1 FROM tblGrandPrixPersoon
INSERT INTO tblGrandPrixPersoon (ID, GrandPrixID, PersoonID)
VALUES (#intID, #intGrandPrixID, #intPersoonID)
IF (SELECT ID FROM tblSnelsteRonde WHERE GrandPrixID = #intGrandPrixID AND SeizoenID = #intSeizoenID) IS NULL
BEGIN
SELECT #intID = COUNT(ID) + 1 FROM tblSnelsteRonde
INSERT INTO tblSnelsteRonde (ID, PersoonID, intPunt, GrandPrixID, SeizoenID)
VALUES (#intID, #intPersoonIDSnelsteRonde, 1, #intGrandPrixID, #intSeizoenID)
END
IF (SELECT ID FROM tblPolePosition WHERE GrandPrixID = #intGrandPrixID AND SeizoenID = #intSeizoenID) IS NULL
BEGIN
SELECT #intID = COUNT(ID) + 1 FROM tblPolePosition
INSERT INTO tblPolePosition (ID, PersoonID, GrandPrixID, SeizoenID)
VALUES (#intID, #intPersoonIDPolePosition, #intGrandPrixID, #intSeizoenID)
END
RETURN 1 --Toevoegen uitslag gelukt
END
c# code
using (SqlCommand cmd = new SqlCommand("spToevoegenUitslag", verbinding))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("#intPersoonID", SqlDbType.Int).Value = PersoonID[0];
cmd.Parameters.Add("#intPersoonIDSnelsteRonde", SqlDbType.Int).Value = PersoonIDSnelsteRonde;
cmd.Parameters.Add("#intPersoonIDPolePosition", SqlDbType.Int).Value = PersoonIDPolePosition;
cmd.Parameters.Add("#intGrandPrixID", SqlDbType.Int).Value = GrandPrixID;
cmd.Parameters.Add("#intPuntenID", SqlDbType.Int).Value = PuntenID[0];
cmd.Parameters.Add("#intSeizoenID", SqlDbType.Int).Value = SeizoenID;
var returnParameter = cmd.Parameters.Add("#Return", SqlDbType.Int);
returnParameter.Direction = ParameterDirection.ReturnValue;
verbinding.Open();
cmd.ExecuteNonQuery();
var result = returnParameter.Value;
int returnwaarde = int.Parse(string.Format("{0}", result));
Console.WriteLine(returnwaarde);
string title = "Resultaat";
string message = "";
if (returnwaarde == 1)
{
message = "Uitslag succesvol toegevoegd";
MessageBox.Show(message, title);
}
verbinding.Close();
(SELECT ID FROM tblSnelsteRonde WHERE GrandPrixID = #intGrandPrixID AND SeizoenID = #intSeizoenID) This query of yours might return more than one value if there is more than one row in the table with the given #intGrandPrixID and #intSeizoenID
You can try something Like (SELECT Count(ID) FROM tblSnelsteRonde WHERE GrandPrixID = #intGrandPrixID AND SeizoenID = #intSeizoenID) == 0. If this is what you intend to do
Im trying to have my program search my database and add the results to a listview control. The listview populates with a SQL statement of:
SELECT * FROM dbo.TBL_Locations
However when I try to make it search with a where statement and add values it keeps returning nothing
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE #SearchParameter = #SearchTerm";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("#SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("#SearchTerm", SearchTerm);
So SearchParameter would have for example "City" (searching the City column) and SearchTerm would have "Leeds" (Searching for Leeds in the City column)
however what I think is happening is it's basically trying to assign searchTerm to SearchParameter rather than replacing them with the values?
I've tried various different where statements from what I've found on google but cannot seem to get it to work.
I hope it makes sense what I am meaningş.
So you want to search more than one column name, then try like this,
StringBuilder sb = new StringBuilder();
sb.Append("SELECT * FROM dbo.TBL_Locations WHERE ");
switch (SearchParameter)
{
case "City":
sb.Append(" City = #SearchTerm");
break;
case "Stadium":
sb.Append(" Stadium = #SearchTerm");
break;
}
SqlCommand selCmd = new SqlCommand(sb.ToString(), conn);
selCmd.Parameters.AddWithValue("#SearchTerm", SearchTerm);
You can use a stored procedure like this:
CREATE PROCEDURE TBL_Locations_Select (
#City varchar(50), -- or whatever length your actual column is
#Stadium varchar(50) -- or whatever length your actual column is
)
AS
SELECT *
FROM dbo.TBL_Locations
WHERE City = CASE WHEN #City IS NULL THEN City ELSE #City END
AND Stadium = CASE WHEN #Stadium IS NULL THEN Stadium ELSE #Stadium END
This is sql injection safe and not to bad on performance.
If your City or Stadium is nullable columns you might want to do this a little different:
WHERE COALESCE(City, '') = CASE WHEN #City IS NULL THEN COALESCE(City, '') ELSE #City END
AND COALESCE(Stadium, '') = CASE WHEN #Stadium IS NULL THEN COALESCE(Stadium, '') ELSE #Stadium END
Then on your c# code you write something like this:
string City;
string Stadium;
SqlCommand selCmd = new SqlCommand("TBL_Locations_Select", conn);
selCmd.CommandType = CommandType.StoredProcedure;
selCmd.Parameters.AddWithValue("#City", (String.IsNullOrEmpty(City)) ? DBNull.Value : City ;);
selCmd.Parameters.AddWithValue("#Stadium", (String.IsNullOrEmpty(Stadium)) ? DBNull.Value : Stadium ;);
Change to:
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE City = #SearchTerm";
Where "City" is the column in the DB
Try this
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE #SearchParameter = #TextBox1.Text" AND #SearchTerm = #TextBox2.Text";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("#SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("#SearchTerm", SearchTerm);
I've been developing a stored procedure in order to get a register from a table so I built the following query to achieve this:
ALTER procedure [dbo].[procedure_odd]
#codSeccion int,
#NomDoce varchar(500),
#codMate varchar(500)
as
begin
declare #hora varchar(50);
set #hora = (
select b.man_nomhor
from ra_hpl_horarios_planificacion a
inner join ra_man_grp_hor b on a.hpl_codman = b.man_codigo
where a.hpl_codcil = 100
and a.hpl_codemp = (select emp_codigo from pla_emp_empleado
where emp_nombres_apellidos = #NomDoce)
and a.hpl_codmat = #codMate
and a.hpl_descripcion = #codSeccion)
return #hora
end
I've tested this query (ONLY the query not the stored procedure with the query) in my SQL Server console and it works just fine. The problem is when I call it from C# it doesn't work no matter what I try! Also I tried to develop a stored procedure with output parameter but with no result.
Also I've tried this other way(which works so good and fine!):
select b.man_nomhor
from ra_hpl_horarios_planificacion a
inner join ra_man_grp_hor b on a.hpl_codman = b.man_codigo
where a.hpl_codcil = 100
and a.hpl_codemp =
(select emp_codigo from pla_emp_empleado
where emp_nombres_apellidos = 'julio escobar')
and a.hpl_codmat = 'FONO-I'
and a.hpl_descripcion = 1;
Here is my code on C# (My 11000 solution):
public String horarios(int Seccion, string NomDocent, string CodMate)
{
cn.Open();
cmd.Connection = cn;
cmd.CommandText = "select b.man_nomhor from ra_hpl_horarios_planificacion
a inner join ra_man_grp_hor b on a.hpl_codman = b.man_codigo where
a.hpl_codcil = 100 and a.hpl_codemp =(select emp_codigo from
pla_emp_empleado where emp_nombres_apellidos = '" + NomDocent +
"') and a.hpl_codmat = '" + CodMate + "' and a.hpl_descripcion = '" + Seccion + "'";
dr = cmd.ExecuteReader();
if (dr.HasRows)
{
if (dr.Read())
{
msj = dr[0].ToString();
}
}
cn.Close();
return msj;
}
When I run my Visual Studio it doesn't show any error at all but in the variable MSJ it set an empty STRING like this MSJ = "";
This must be really easy but it just that (believe) I've tried so hard to get to the solution with bno results, please help!
It looks like Seccion (and thus a.hpl_descripcion) are integers, but your query is placing apostrophes around it like a literal.
Try removing the apostrophes:
... + "' and a.hpl_descripcion = " + Seccion;
If that's indeed the issue, parameterizing your query can eliminate these kinds of mistakes:
cmd.CommandText = "... and a.hpl_codemp =(select emp_codigo from pla_emp_empleado where emp_nombres_apellidos = #NomDocent) and a.hpl_codmat = #CodMate and a.hpl_descripcion = #Seccion";
cmd.AddParameterWithValue("#NomDocent", NomDocent);
cmd.AddParameterWithValue("#CodMate", CodMate);
cmd.AddParameterWithValue("#Seccion, Seccion);
dr = cmd.ExecuteReader();
Few things:
if you want this to be a stored procedure, be sure to set command.CommandType = CommandType.StoredProcedure.
you do not need to call return or set a variable to return the text you have. instead, just have a select statement return the one field:
ALTER procedure [dbo].[procedure_odd]
#codSeccion int,
#NomDoce varchar(500),
#codMate varchar(500)
as
begin
select top 1 b.man_nomhor from ra_hpl_horarios_planificacion a inner join
ra_man_grp_hor b on a.hpl_codman = b.man_codigo where a.hpl_codcil = 100
and a.hpl_codemp = (select emp_codigo from pla_emp_empleado
where emp_nombres_apellidos = #NomDoce) and a.hpl_codmat = #codMate and
a.hpl_descripcion = #codSeccion)
END
once this is done, just execute the stored procedure with a dataReader, that will return your value. if you need more information, I can edit my answer to clarify.
I Created this Select Stored Procedure:
#SerialNumber varchar(50)
#PalletNumber varchar(50) ------> Datatype int
SELECT
,SerialNumber
, PalletNumber
FROM dbo.FG_FILLIN
WHERE (SerialNumber LIKE #SerialNumber + '%' )
AND (PalletNumber = #PalletNumber)
I change #palletnumber to varchar because Like '%' doesnt accept int.
My Data Access :
public DataSet FGSearchAll(FillinEntity fin)
{
SqlConnection conn = new SqlConnection(connStr);
SqlCommand cmd = new SqlCommand("FGSearchAll", conn);
cmd.CommandType = CommandType.StoredProcedure;
DataSet dSet = new DataSet();
SqlDataAdapter da = new SqlDataAdapter(cmd);
cmd.Parameters.Add("#SerialNumber", SqlDbType.VarChar, 50).Value =
fin.SerialNumber;
cmd.Parameters.Add("#PalletNumber", SqlDbType.Int).Value =
fin.PalletNumber;
try
{
conn.Open();
da.Fill(dSet, "FGDATA");
conn.Close();
}
catch (SqlException)
{
throw;
}
return dSet;
}
UI:
private void SearchAll()
{
BAL obj = new BAL();
FillinEntity fin = new FillinEntity();
fin.SerialNumber = txtSearchSerial.Text ;
**fin.PalletNumber = Convert.ToInt32(txtSearchPallet.Text);**
try
{
dsdata = obj.FGSearchAll(fin);
if (dsdata.Tables[0].Rows.Count < 1)
{
MessageBox.Show("No Record Found!");
}
else
{
dgWIP.DataSource = dsdata;
dgWIP.DataMember = "FGDATA";
}
}
catch (ApplicationException ex)
{
MessageBox.Show(ex.Message);
}
}
All Things works fine if i have input Both but when i just search for Serial number and pallet has an empty value it shows an error.
Any idea?.
Thanks in regards.
This error is nothing to do with your SQL.
The error is in the line you asterisk'ed in your post.
fin.PalletNumber = Convert.ToInt32(txtSearchPallet.Text);
If txtSearchPallet.Text is empty, you are trying to convert an empty string into an integer, and this is what gives you the "Input string was not in a correct format." exception.
You need to first of all detect if the pallet number is an empty string, and assign -1 (say) to your FillInEntity instance.
e.g.
fin.PalletNumber =
(txtSearchPallet.Text == "") ? -1 : Convert.ToInt32(txtSearchPallet.Text);
This will stop the exception happening.
I would continue then as follows:
Change the line assigning the parameter value to the following
DbParameter pallet = cmd.Parameters.Add("#PalletNumber", SqlDbType.Int);
if (fin.PalletNumber == -1)
pallet.Value = DBNull.Value
else
pallet.Value = fin.PalletNumber
Change the stored proc so that #PalletNumber is of datatype int, and the where clause is
WHERE
(
SerialNumber LIKE #SerialNumber + '%'
AND
(
#PalletNumber is null
or
PalletNumber = #PalletNumber
)
)
You will have to add logic in to your Stored Procedure to check that the parameter values don't contain NULL values
You will have to do something like this:
if (#PalletNumber is Null)
begin
SELECT
,SerialNumber
, PalletNumber
FROM dbo.FG_FILLIN
WHERE (SerialNumber LIKE #SerialNumber + '%' )
end
else
begin
SELECT
,SerialNumber
, PalletNumber
FROM dbo.FG_FILLIN
WHERE (SerialNumber LIKE #SerialNumber + '%' )
AND (PalletNumber LIKE #PalletNumber + '%')
end
You need dynamic sql here or use IsNull
#PalletNumber varchar(50) = NULL -- default null
SELECT *
FROM #FG_FILLIN
WHERE (SerialNumber LIKE #SerialNumber + '%' )
AND (PalletNumber = #PalletNumber OR #PalletNumber IS NULL)
Your select also has syntax error; i.e, ',' after SELECT
I don’t think it has anything to do with the SQL. The error message
Input string was not in a correct format.
is exactly the message you get with the FormatException thrown by Convert.ToInt32() when the input string is not a number.
Therefore, instead of:
fin.PalletNumber = Convert.ToInt32(txtSearchPallet.Text);
You should perhaps try something like...
if (!int.TryParse(txtSearchPallet.Text, out fin.PalletNumber))
{
MessageBox.Show("Please enter a number between x and y.");
return;
}
This will attempt to turn the string into an integer and store the result in fin.PalletNumber. If the conversion fails, the MessageBox appears to alert the user and the operation is not attempted.
I am using the following Code to execute the SP of MySql and get the output value. I need to get the output value to my c# after SP is executed. How ? Thanks.
Code :
public static string GetInsertStatement(string DBName, string TblName, string ColName, string ColValue)
{
string strData = "";
MySqlConnection conn = new MySqlConnection(ConfigurationSettings.AppSettings["Con_Admin"]);
MySqlCommand cmd = conn.CreateCommand();
try
{
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.CommandText = "InsGen";
cmd.Parameters.Clear();
cmd.Parameters.Add("in_db", MySqlDbType.VarChar, 20);
cmd.Parameters["in_db"].Value = DBName;
cmd.Parameters.Add("in_table", MySqlDbType.VarChar, 20);
cmd.Parameters["in_table"].Value = TblName;
cmd.Parameters.Add("in_ColumnName", MySqlDbType.VarChar, 20);
cmd.Parameters["in_ColumnName"].Value = ColName;
cmd.Parameters.Add("in_ColumnValue", MySqlDbType.VarChar, 20);
cmd.Parameters["in_ColumnValue"].Value = ColValue;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
catch (System.Exception e)
{
Console.WriteLine(e.Message);
}
return strData;
}
SP :
DELIMITER $$
DROP PROCEDURE IF EXISTS `InsGen` $$
CREATE DEFINER=`root`#`localhost` PROCEDURE `InsGen`
(
in_db varchar(20),
in_table varchar(20),
in_ColumnName varchar(20),
in_ColumnValue varchar(20)
)
BEGIN
declare Whrs varchar(500);
declare Sels varchar(500);
declare Inserts varchar(2000);
declare tablename varchar(20);
declare ColName varchar(20);
set tablename=in_table;
# Comma separated column names - used for Select
select group_concat(concat('concat(\'"\',','ifnull(',column_name,','''')',',\'"\')'))
INTO #Sels from information_schema.columns where table_schema=in_db and table_name=tablename;
# Comma separated column names - used for Group By
select group_concat('`',column_name,'`')
INTO #Whrs from information_schema.columns where table_schema=in_db and table_name=tablename;
#Main Select Statement for fetching comma separated table values
set #Inserts=concat("select concat('insert into ", in_db,".",tablename," values(',concat_ws(',',",#Sels,"),');')
from ", in_db,".",tablename, " where ", in_ColumnName, " = " , in_ColumnValue, " group by ",#Whrs, ";");
PREPARE Inserts FROM #Inserts;
select Inserts;
EXECUTE Inserts;
END $$
DELIMITER ;
Using output query parameter.
http://msdn.microsoft.com/en-us/library/59x02y99(VS.71).aspx
If I'm not mistaken instead of
cmd.ExecuteNonQuery();
there is an "ExecuteScalar" which will return a Scalar value.
The problem is that you're calling
cmd.ExecuteNonQuery();
That executes without reading back results.
Have a look at the documentation for Command, especially the methods that start with Execute, and decide which one's best for you