插入参数化查询ASP.NET MS SQL

时间:2008-12-19 19:07:16

标签: asp.net sql-server

这是我的SQLCommand对象:

oCommand.CommandText = 
"INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES _
                     (@@IDENTITY,@client_id,@ip,@page,@vars)"
oCommand.Parameters.Count = 4
 >>   oCommand.Parameters.Item(0).ParameterName = "@client_id"
 >>   oCommand.Parameters.Item(0).Value = "123456"
 >>   oCommand.Parameters.Item(1).ParameterName = "@ip"
 >>   oCommand.Parameters.Item(1).Value = "127.0.0.1"
 >>   oCommand.Parameters.Item(2).ParameterName = "@page"
 >>   oCommand.Parameters.Item(2).Value = "default.aspx"
 >>   oCommand.Parameters.Item(3).ParameterName = "@vars"
 >>   oCommand.Parameters.Item(3).Value = Nothing

这是我得到的错误:

The parameterized query '(@ip nvarchar(9),@client_id nvarchar(4000),@page nvarchar(12),@v' expects the parameter '@client_id', which was not supplied.

以下是功能:

Public Shared Function insertIntoHitTable(ByVal oData As gsTrack) As Boolean
    Dim oObj As New List(Of Object())
    oObj.Add(New Object() {"@client_id", cV(oData.ClientID)})
    oObj.Add(New Object() {"@ip", cV(oData.IP)})
    oObj.Add(New Object() {"@page", cV(oData.Page)})
    oObj.Add(New Object() {"@vars", oData.Vars})
    Dim oCommand As SqlCommand = InsertIntoHitTableSQL(oObj)
    oCommand.Connection.Open()
    oCommand.ExecuteNonQuery()
    oCommand.Connection.Close()
End Function

Public Shared Function createSQLCommand(ByVal oCmdTxt As String, ByVal oParams As List(Of Object())) As SqlCommand
    Dim oCommand As SqlCommand = Nothing
    Dim oBuilder As New StringBuilder
    Dim oParam As SqlParameter
    oCommand = New SqlCommand(oCmdTxt, New SqlConnection(csString))
    Try
        For i As Integer = 0 To oParams.Count - 1
            oParam = New SqlParameter
            oParam.ParameterName = oParams(i)(0)
            oParam.Value = oParams(i)(1)
            oCommand.Parameters.Add(oParam)
            oParam = Nothing
        Next
        Return oCommand
    Catch ex As Exception
        Return Nothing
    End Try
End Function

有关如何解决此参数化查询错误的任何指示?谢谢!

修改

我应该注意cV()只是一个擦洗函数,它会检查传递的变量是否为空。

3 个答案:

答案 0 :(得分:3)

我相信参数count和index稍微偏移,因为你在insert语句中指定了@@ IDENTIDY。我在执行参数化查询时通常遵循以下语法:

oCommand = New SqlCommand("INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES (@@IDENTITY,@client_id,@ip,@page,@vars)", CONNECTION OBJECT)

oCommand.CommandType = CommandType.StoredProcedure
oCommand.Parameters.Add("@client_id", SqlDbType.Integer, 10)
oCommand.Parameters("@client_id").Direction = ParameterDirection.Input
oCommand.Parameters("@client_id").Value = cV(oData.ClientID)
oCommand.Parameters.Add("@ip", SqlDbType.VarChar, 15)
oCommand.Parameters("@ip").Direction = ParameterDirection.Input
oCommand.Parameters("@ip").Value = cV(oData.IP)

oCommand.Connection.Open()
oCommand.ExecuteNonQuery()
oCommand.Connection.Close()

...你可以看到剩下的参数如何跟随其余部分。

答案 1 :(得分:1)

在CV函数中,您是否检查该值是否为空?其中一个sites我看到你需要传递一个DBNull.value而不是null的文件。

答案 2 :(得分:0)

你永远不应该使用@@ identity。如果列是标识,则不要在值列表中指定它。如果您在任何地方使用它来获取刚刚插入的值,那么使用scope_identity()代替,除非您喜欢数据完整性问题。