我有一个运行时错误: 必须声明标量变量“@ ManagerID 我确定我已经在我的CLass和我的法令中声明了所有变量 我的班级代码:
public DataTable Select(int ID,string NameFa, string Address, int ManagerID, short TotalUnits, int ChargeMethodID)
{
DataTable table = new DataTable();
table.Columns.Add("ID", typeof(int));
table.Columns.Add("NameFa", typeof(string));
table.Columns.Add("Address", typeof(string));
table.Columns.Add("ManagerID", typeof(int));
table.Columns.Add("TotalUnits", typeof(short));
table.Columns.Add("ChargeMethodID", typeof(int));
try
{
con.Open();
SqlCommand command = new SqlCommand("dbo.SelectBuilding", con);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add(new SqlParameter("@ID", ID));
command.Parameters.Add(new SqlParameter("@NameFa", NameFa));
command.Parameters.Add(new SqlParameter("@Address", Address));
command.Parameters.Add(new SqlParameter("@ManagerID", ManagerID));
command.Parameters.Add(new SqlParameter("@TotalUnits", TotalUnits));
command.Parameters.Add(new SqlParameter("@ChargeMethodID", ChargeMethodID));
SqlDataAdapter adapter = new SqlDataAdapter(command);
adapter.Fill(table);
return table;
}
我的会计准则是:
@ID int,
@NameFa nvarchar(150),
@Address nvarchar(MAX),
@ManagerID int,
@TotalUnits smallint,
@ChargeMethodID int
As
Begin
IF(@ID >0 )
Begin
Select ID,NameFa,Address,ManagerID,TotalUnits,ChargeMethodID From Buildings where ID = @ID
End
ELSE
Begin
Declare @sqlTxt nvarchar(MAX)
SET @sqlTxt = 'SELECT ID,NameFa,Address,ManagerID,TotalUnits,ChargeMethodID FROM Buildings where ID>0'
IF(@NameFa!= null)
BEGIN
SET @sqlTxt = @sqlTxt + ' AND NameFa Like ''%@NameFa%'''
END
IF(@Address!= null)
BEGIN
SET @sqlTxt = @sqlTxt + ' AND Address Like ''%@Address%'''
END
IF(@ManagerID > 0)
BEGIN
SET @sqlTxt = @sqlTxt + ' AND ManagerID = @ManagerID'
END
IF(@TotalUnits > 0)
BEGIN
SET @sqlTxt = @sqlTxt + ' AND TotalUnits = @TotalUnits'
END
IF(@ChargeMethodID > 0)
BEGIN
SET @sqlTxt = @sqlTxt + ' AND ChargeMethodID = @ChargeMethodID'
END
EXEC (@sqlTxt);
End
END
我想使用选择功能:
DataTable dt = new DataTable();
Buildings.Building bb = new Buildings.Building() {ID=0,NameFa="",Address="",ManagerID=OwnerID,TotalUnits=0,ChargeMethodID=0 };
dt = bu.Select(bb.ID,bb.NameFa,bb.Address,bb.ManagerID,bb.TotalUnits,bb.ChargeMethodID);
答案 0 :(得分:1)
您没有将参数传递给exec语句。我会将其更改为exec,其中包含带参数的可选参数。
编辑:我强烈建议删除sp_executesql和/或Select
ID,NameFa,Address,ManagerID,TotalUnits,ChargeMethodID
From
Buildings
where
(@Id = 0 or ID = @Id)
and (@NameFa = '' or NameFa = @NameFa)
and (@ManagerID = 0 or ManagerID = @ManagerID)
// repeat for the rest of the optional search conditions
命令。因为您可以根据输入:
a)由于用户输入SQL字符串分隔符作为有效输入而导致运行时错误。示例奥哈拉作为姓氏。
b)恶意用户可能会严重破坏您的数据库。
您可以通过更简单的方式获得类似的结果:
@QUERY(value="SELECT recipe.name, SUM(salesdetails.quantity::
INTEGER),recipe.price AS Quantity
FROM (salesinfo
JOIN salesdetails ON salesinfo.sessionid=salesdetails.salesinfo_sessionid)
JOIN recipe ON salesdetails.recipe_id=recipe.id
GROUP BY salesdetails.recipe_id,recipe.name,recipe.price
ORDER BY SUM(salesdetails.quantity:: INTEGER) DESC", nativeQuery = TRUE)