将参数绑定到OLEDB命令会引发错误

时间:2010-07-09 06:51:26

标签: c# asp.net connection oledb

我正在使用带有.NET的AS 400 OLEDB。它用 '?'而不是'@param用命令绑定参数 现在有一种情况,命令就像

SELECT ...
FROM
   (SELECT ... 
         ROW_NUMBER() OVER(ORDER BY ColumnName) as RowNum
    FROM Employees e
   ) as DerivedTableName
WHERE RowNum BETWEEN @startRowIndex AND (@startRowIndex + @maximumRows) - 1

现在我的命令变为

    SELECT ...
FROM
   (SELECT ... 
         ROW_NUMBER() OVER(ORDER BY ColumnName) as RowNum
    FROM Employees e
   ) as DerivedTableName
WHERE RowNum BETWEEN ? AND (? + ?) - 1

现在我绑定了像

这样的参数
myCommand.Parameters.Add(new OleDbParameter("?",startRowIndex));
myCommand.Parameters.Add(new OleDbParameter("?", startRowIndex));
myCommand.Parameters.Add(new OleDbParameter("?", MaximumRows));

抛出错误

SQL0417: Combination of parameter markers not valid.
Cause . . . . . :   The statement string specified as the object of a PREPARE statement contains a predicate or expression where parameter markers have been used as operands of the same operator.  The following restrictions apply to the use of parameter markers: -- Both the operands in a predicate cannot be parameter markers. For example, specifying predicates of the form:    ? = ?      or    ? = ( SELECT ? FROM x ) are not valid. 

如何在这种情况下绑定参数?我想避免sql注入:)

1 个答案:

答案 0 :(得分:3)

尝试更改参数名称

myCommand.Parameters.Add(new OleDbParameter("@startRowIndex",startRowIndex));
myCommand.Parameters.Add(new OleDbParameter("@startRowIndex2", startRowIndex));
myCommand.Parameters.Add(new OleDbParameter("@MaximumRows", MaximumRows));

但保留SQL原样。