参数化SQL查询抛出错误 - 语法错误?

时间:2013-02-28 14:50:37

标签: sql-server vb.net parameters

我将SQL和一组参数(从用户输入中捕获)传递给OleDbDataAdapter,如下所示:

Dim sql As New StringBuilder
Dim theparams As String(,)
sql.Append(" select distinct acc.?,  ")
sql.Append(" isnull(acc.?, acc.?) ?, ")
sql.Append( _
    "    Case when ptree.brandid=220 then 99 else ptree.brandgroupid end brandgroupid, Case when ptree.brandid=220 then 'Multibrand Prepacks' else isnull(ptree.brandgroupname,'1') end brandgroupname, isnull(ptree.brandgroup2,'1') brandgroup2 , ptree.brandgroup3, ptree.brandid, ptree.brandname  ")
sql.Append(" from ")
sql.Append(" (select acc.?,  ")
sql.Append(" acc.? from ")
sql.Append(" vw_ACCOUNT_TREE acc")
sql.Append(" UNION")
sql.Append(" SELECT 'Unknown','Unknown'")
sql.Append(" ) acc")
sql.Append(" CROSS JOIN vw_Product_tree ptree  ")
sql.Append(" WHERE (BRANDGROUPNAME <> 'Unknown' or  ptree.brandid=220)  ")
sql.Append(" and brandenabled=1  ")

theparams = New String(5, 2) {}
theparams(0, 0) = "@0"
theparams(0, 1) = Level
theparams(0, 2) = "OleDbType.String"
theparams(1, 0) = "@1"
theparams(1, 1) = Level + "Description"
theparams(1, 2) = "OleDbType.String"
theparams(2, 0) = "@2"
theparams(2, 1) = Level
theparams(2, 2) = "OleDbType.String"
theparams(3, 0) = "@3"
theparams(3, 1) = Level + "Description"
theparams(3, 2) = "OleDbType.String"
theparams(4, 0) = "@4"
theparams(4, 1) = Level
theparams(4, 2) = "OleDbType.String"
theparams(5, 0) = "@5"
theparams(5, 1) = Level + "Description"
theparams(5, 2) = "OleDbType.String"

然后我将SQL和参数数组传递给以下方法,该方法应该创建一个数据表:

Public Function GetTable(ByVal sql As String, ByVal qParameters(,) As String) As DataTable
    Dim dt As DataTable = New DataTable()
    Try
        If sql.Length > 0 Then
            If ConnectToDB() Then
                Using oDa As New OleDbDataAdapter(sql, _conn)
                    If Not qParameters.GetValue(i, 0) Is Nothing Then
                        For i As Integer = 0 To (qParameters.Length / 3 - 1)
                            oDa.SelectCommand.Parameters.AddWithValue(qParameters(i, 0), qParameters(i, 1))
                            oDa.SelectCommand.Parameters(qParameters(i, 0)).OleDbType = GetOleParameterType(qParameters(i, 2))
                        Next
                    End If
                    Using oDs As New DataSet
                        oDa.Fill(oDs)
                        dt = oDs.Tables(0)
                    End Using
                End Using
            End If

        End If
    Catch ex As Exception
        _error = "Exception in GetTablewithParameters ~ " & ex.Message & " ~ " & sql
    End Try
    Return dt
End Function

但是,它会遇到以下例外情况:

Line 1: Incorrect syntax near ')'.
Line 1: Incorrect syntax near '@P5'.
Line 1: Incorrect syntax near '@P1'.

我的代码出了什么问题?如果我用实际字符串替换参数并删除每个sql.Append()的打开和关闭,则查询在SQL Server Management Studio中正常工作。我的参数使用不正确吗?

编辑:更明确的错误:

Line 1: Incorrect syntax near '@P1'.
Line 8: Incorrect syntax near '@P5'.
Line 12: Incorrect syntax near ')'.

以下是按行分类的代码:

 1.  select distinct acc.?,  
 2.  isnull(acc.?, acc.?) ?, 
 3.  Case when ptree.brandid=220 then 99 else ptree.brandgroupid end brandgroupid, 
 4.  Case when ptree.brandid=220 then 'Multibrand Prepacks' 
 5.  else isnull(ptree.brandgroupname,'1') end brandgroupname, isnull(ptree.brandgroup2,'1') 
 6.  brandgroup2 , ptree.brandgroup3, ptree.brandid, ptree.brandname  
 7.  from 
 8.  (select acc.?,  
 9.  acc.? from 
 10. vw_ACCOUNT_TREE acc
 11. UNION
 12. SELECT 'Unknown','Unknown') acc
 13. CROSS JOIN vw_Product_tree ptree  
 14. WHERE (BRANDGROUPNAME <> 'Unknown' or  ptree.brandid=220)  
 15. and brandenabled=1  

1 个答案:

答案 0 :(得分:1)

如果您执行以下操作,这将更容易调试。

  1. 每次追加后添加换行符(CR LF)。然后,您将始终获得合理且有用的行号而不是第1行。
  2. 在调试日志中输出实际字符串。然后你可以看到错误发生在哪一行。