SqlCommand占位符参数:“'''附近的语法不正确”和“必须声明标量变量@param”?

时间:2012-06-13 02:33:55

标签: asp.net vb.net visual-studio-2010 sql-server-2008

我正在为我们公司开发一个Web地图应用程序内联网。我正在创建一个&#34;添加多边形&#34;功能在地图上。我使用AspMap,VB.NET和SQL Server。当用户单击按钮以从Web表单输入数据属性添加新记录时,会出现错误 <#39> 附近的错误语法。< / p>

我的代码是:

Private Sub AddNewShape(ByVal checklist_id As String, ByVal type As String, ByVal shape As AspMap.Shape, ByVal address_area As String, ByVal dmz As String, ByVal customerid As String, ByVal source As String, ByVal area As String, ByVal instalatur As String, ByVal developer As String, ByVal data_received As DateTime, ByVal doc_data As DateTime, ByVal datereport As DateTime, ByVal remark As String)
    Dim tableName As String

    Select Case shape.ShapeType
        Case AspMap.ShapeType.Line
            tableName = "lines"
        Case AspMap.ShapeType.Polygon
            tableName = "sambungan_baru"
        Case Else
            Return
    End Select

    Dim conn As SqlConnection = GetDbConnection()
    Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, DMZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)"

    Dim cmd As SqlCommand = New SqlCommand(sql, conn)
    cmd.Parameters.AddWithValue("CHECKLIST_ID", checklist_id)
    cmd.Parameters.AddWithValue("TYPE", type)
    cmd.Parameters.AddWithValue("SHAPEDATA", shape.ShapeData)
    cmd.Parameters.AddWithValue("ADDRESS_AREA", address_area)
    cmd.Parameters.AddWithValue("DMZ", dmz)
    cmd.Parameters.AddWithValue("CUSTOMERID", customerid)
    cmd.Parameters.AddWithValue("SOURCE", source)
    cmd.Parameters.AddWithValue("AREA", area)
    cmd.Parameters.AddWithValue("INSTALATUR", instalatur)
    cmd.Parameters.AddWithValue("DEVELOPER", developer)
    cmd.Parameters.AddWithValue("DATA_RECEIVED", data_received)
    cmd.Parameters.AddWithValue("DOC_DATA", doc_data)
    cmd.Parameters.AddWithValue("DATA_SENT", datereport)
    cmd.Parameters.AddWithValue("REMARK", remark)

    cmd.ExecuteNonQuery()
    conn.Close()

    ReloadShapesDatabase()
End Sub

我改变了这个:

Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, DMZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK) VALUES *(?,?,?,?,?,?,?,?,?,?,?,?,?,?)

到此:

Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, MZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK)(@checklist_id, @type, @shapedata, @address_area, @dmz, @conection, @source, @area, @instalatur, @developer, @data_received, @doc_data, data_sent, @remark)"

我遇到警告:必须声明标量变量&#34; @ conection&#34;。任何人都可以帮助我吗?

3 个答案:

答案 0 :(得分:4)

您在SQL查询中混淆了两种不同类型的参数。 ODBC语法使用简单的占位符'?'每个参数的字符,参数的替换顺序与将它们添加到参数集合的顺序相同。对于OdbcCommand,您忽略的参数名称将被忽略,只有它们的顺序才重要。

对于SqlCommand,参数名称是有意义的;当命令执行时,它将通过SQL存储过程运行,该过程获取参数名称和值的列表并将它们替换为T-SQL查询。在这种情况下,您向查询添加参数的顺序并不重要,但您需要确保名称正确(包括“@”前缀。)

使用带参数的SqlCommand的正确方法如下:

// The SQL Query: Note the use of named parameters of the form
// @ParameterName1, @ParameterName2, etc.
Dim sql As String = "INSERT INTO " & tableName & _
"    (CHECKLIST_ID, TYPE, SHAPEDATA ) " & _
"VALUES " & _
"    (@ChecklistId, @Type, @ShapeData )"

// The Parameter List. Note that the Parameter name must exactly match
// what you use in the query:
Dim cmd As SqlCommand = New SqlCommand(sql, conn)
cmd.Parameters.AddWithValue("@CheckListId", checklist_id)
cmd.Parameters.AddWithValue("@Type", type)
cmd.Parameters.AddWithValue("@ShapeData", shape.ShapeData)

cmd.ExecuteNonQuery()

答案 1 :(得分:1)

您应该分配这样的参数,在您的情况下,您错过了为“CONECTION”参数提供的值。另外,作为附加说明,您应始终将连接对象包含在使用块中。请参阅this并查看“备注”部分。

command.CommandText = "INSERT INTO Table (Col1, Col2, Col3) VALUES _
                     (@Col1Val, @Col2Val, @Col3Val)"
command.Parameters.AddWithValue("@Col1Val","1");
command.Parameters.AddWithValue("@Col2Val","2");
command.Parameters.AddWithValue("@Col3Val","3");

答案 2 :(得分:0)

请确保Dim cmd As SqlCommand = New SqlCommand(sql, conn)使用conn打开连接。

然后验证您的参数类型是否符合数据库表定义。另外,如果使用字符串类型,则可以在插入任何文本之前和之后添加“

可以肯定的是,您可以中断cmd.ExecuteNonQuery()并将关联的命令的值复制并运行到任何SQL管理器工具。

最后,处理您的cmd

否则,请检查这是否对您的问题有帮助:http://social.msdn.microsoft.com/Forums/en-US/sqlspatial/thread/9d75106a-b0d4-49cc-ac86-d41cba4ab797