SQL参数格式问题

时间:2013-04-26 00:17:32

标签: c# sql asp.net-mvc-4 parameters

在我的C#MVC4应用程序中,我有以下代码:

 string[] parameters = new string[items.Count];
            SqlCommand SecondQuery = new SqlCommand();
            for (int i = 0; i < items.Count; i++)
            {
                parameters[i] = string.Format(items[i].Id);
                SecondQuery.Parameters.AddWithValue(parameters[i], items[i]);
            }
            SecondQuery.CommandText = string.Format("SELECT * from S_analysis WHERE heat_no IN ({0})", string.Join(", ", parameters));
            SecondQuery.Connection = new SqlConnection(strSQLconnection);
            using (SqlConnection conn = new SqlConnection(strSQLconnection))
            {
                SecondQuery.CommandTimeout = 50000;
                conn.Open();
                SecondQuery.Connection = new SqlConnection(strSQLconnection);
                SecondQuery.Connection.Open();

                using (var reader7 = SecondQuery.ExecuteReader())
                {
                    int fieldCount = reader7.FieldCount;

                    while (reader7.Read())
                    {
                        for (int i = 0; i < fieldCount; i++)
                        {
                            finalresults.Add(reader7[i].ToString());
                        }
                    }
                }
            }

我的应用程序崩溃了,using (var reader7 = SecondQuery.ExecuteReader())出现此错误:No mapping exists from object type <>f__AnonymousType42[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] to a known managed provider native type.

我假设这是因为当我查看我的SecondQuery.CommandText时,我的查询看起来像:SecondQuery.CommandText = "SELECT * from S_analysis WHERE heat_no IN (B5P5649, B5P5647, B5P5656, A5P0761, A5P0762)"我相信代码的IN部分中的每个参数都应该在每一侧都有单引号。如何修改我的代码以添加此内容,或者这是导致我的错误的原因?

1 个答案:

答案 0 :(得分:3)

你是对的,因为需要为SQL Server引用字符串值。

string.Join(", ", parameters)

有很多选项,但如果这是唯一的问题,这将有效 

"'"+string.Join(",", parameters).Replace(",", "','")+"'"

但是,代码中的错误更为广泛。您试图参数化每个项目 - 这不起作用,因为您在CommandText中没有指定占位符。您所拥有的只是静态IN列表。您还拥有比所需更多的SqlConnection实例。

        string[] parameters = new string[items.Count];
        SqlCommand SecondQuery = new SqlCommand();
        for (int i = 0; i < items.Count; i++)
        {
            parameters[i] = "'" + string.Format(items[i].Id) + "'";
            //SecondQuery.Parameters.AddWithValue(parameters[i], items[i]);
        }
        SecondQuery.CommandText = string.Format("SELECT * from S_analysis WHERE heat_no IN ({0})", string.Join(",", parameters));
        using (SqlConnection conn = new SqlConnection(strSQLconnection))
        {
            SecondQuery.CommandTimeout = 50000;
            conn.Open();
            SecondQuery.Connection = conn;

            using (var reader7 = SecondQuery.ExecuteReader())
            {
                int fieldCount = reader7.FieldCount;

                while (reader7.Read())
                {
                    for (int i = 0; i < fieldCount; i++)
                    {
                        finalresults.Add(reader7[i].ToString());
                    }
                }
            }
        }
相关问题
最新问题