Parameterized query with a parameter in the SELECT returns invalid data

Time: 2013-03-22 23:13:02

Tags: c# .net sql ms-access oledbconnection

I have the following code:

string connectionString = 
    "Provider=Microsoft.JET.OLEDB.4.0;" + 
    "data source=" + processProgramPath + ";";

using (OleDbConnection connection = new OleDbConnection(connectionString))
{
    connection.Open();
    using (OleDbCommand command = new OleDbCommand(
        "SELECT @Value " +
        "FROM BONDPARAMETERS " +
        "WHERE BONDPARAMETERS.SetName = @SetName", connection))
    {
        command.Parameters.AddWithValue("@Value", value);
        command.Parameters.AddWithValue("@SetName", setName);               

        var result = command.ExecuteScalar();
        return result.ToString();
    }
}

What I expect to get is 760. But I get the title of the StartForce column.

value = "StartForce" setName = "450(18)-F-OE"

If I change the using to:

using (OleDbCommand command = new OleDbCommand("SELECT "+value+" " +

It works. What gives?

Thanks in advance

1 answer:

Answer 0: (score: 1)

You can't use parameters like this to build SQL dynamically. See this question: Using C# SQL Parameterization on Column Names
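
Added example, not part of the original answer: a bound `@Value` is treated as a string value rather than a column name (which is why the query returned the text StartForce), so the column is checked against an allowlist before it is concatenated, while `SetName` stays a bound parameter. The class and method names and the contents of the allowlist are assumptions; only `StartForce` appears in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

static class BondParameterReader
{
    // Assumption: columns callers may select, mapped to their canonical spelling.
    // Only StartForce is named in the question; add the table's other real columns here.
    private static readonly Dictionary<string, string> AllowedColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "StartForce", "StartForce" }
        };

    // Returns the bracket-quoted identifier, or throws if the name is not allowlisted.
    public static string QuoteColumn(string column)
    {
        string canonical;
        if (column == null || !AllowedColumns.TryGetValue(column, out canonical))
            throw new ArgumentException("Column is not allowed: " + column, "column");
        return "[" + canonical + "]";
    }

    public static string ReadValue(string databasePath, string column, string setName)
    {
        var csb = new OleDbConnectionStringBuilder
        {
            Provider = "Microsoft.JET.OLEDB.4.0",
            DataSource = databasePath
        };

        // The identifier text comes from the allowlist, never straight from the caller.
        string sql = "SELECT " + QuoteColumn(column) +
                     " FROM BONDPARAMETERS WHERE BONDPARAMETERS.SetName = ?";

        using (var connection = new OleDbConnection(csb.ConnectionString))
        using (var command = new OleDbCommand(sql, connection))
        {
            // Data values stay parameterized; OLE DB binds parameters by position.
            command.Parameters.AddWithValue("@SetName", setName);
            connection.Open();
            object result = command.ExecuteScalar();
            // ExecuteScalar returns null when no row matches and DBNull for a NULL cell.
            return (result == null || result == DBNull.Value) ? null : result.ToString();
        }
    }
}
```

With this shape, a `column` argument that is not in the allowlist fails before any SQL text is built, which the string-concatenated `SELECT` in the question does not guarantee.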