I'm trying to write an sql query in C# to Access.
the query works fine in the Access software but when I tried to run it through C# with parameters it throws me exception that the parameters are missing. it's like it ignores the parameters I'm giving.
this is my method:
public DataTable GetRoomStatusByDate(Room RoomItem, TimeRange TimeItem, WeekDay DayItem, DateTime DateItem)
{
string cmdStr = "SELECT Subject, AdditionOrCancellation, Description " +
"FROM (SELECT * " +
"FROM TimeTables TT1 LEFT OUTER JOIN SpecialEvents SE1 " +
"ON TT1.RoomNumber = SE1.RoomNumber AND TT1.StructureNumber = SE1.StructureNumber AND " +
"TT1.DayNumber = SE1.DayNumber AND TT1.HourNumber = SE1.HourNumber " +
"UNION " +
"SELECT * " +
"FROM TimeTables TT2 RIGHT OUTER JOIN SpecialEvents SE2 " +
"ON TT2.RoomNumber = SE2.RoomNumber AND TT2.StructureNumber = SE2.StructureNumber " +
"AND TT2.DayNumber = SE2.DayNumber AND TT2.HourNumber = SE2.HourNumber) " +
"WHERE (TT1.RoomNumber = #TTRoomNumber OR SE1.RoomNumber = #SERoomNumber) AND (TT1.StructureNumber = #TTStructureNumber OR SE1.StructureNumber = #SEStructureNumber) " +
"AND(TT1.HourNumber = #TTHourNumber OR SE1.HourNumber = #SEHourNumber) AND (TT1.DayNumber = #TTDayNumber OR SE1.DayNumber = ##SEDayNumber) " +
"AND (SE1.EventDate = #SEEventDate OR SE1.EventDate IS NULL)";
DataSet ds = new DataSet();
using (OleDbCommand command = new OleDbCommand(cmdStr))
{
command.Parameters.AddWithValue("#TTRoomNumber", RoomItem.Number);
command.Parameters.AddWithValue("#SERoomNumber", RoomItem.Number);
command.Parameters.AddWithValue("#TTStructureNumber", RoomItem.Structure);
command.Parameters.AddWithValue("#SEStructureNumber", RoomItem.Structure);
command.Parameters.AddWithValue("#TTDayNumber", TimeItem.Number);
command.Parameters.AddWithValue("#SEDayNumber", TimeItem.Number);
command.Parameters.AddWithValue("#TTDayNumber", DayItem.Number);
command.Parameters.AddWithValue("#SEDayNumber", DayItem.Number);
command.Parameters.AddWithValue("#SEEventDate", DateItem);
ds = GetMultipleQuery(command);
}
DataTable dt = new DataTable();
try
{
dt = ds.Tables[0];
}
catch
{ }
return dt;
}
I also want to mention I use OLEDB and my connection is surly fine because I have many methods with query and parameters and their all works fine with no problems.
this is my only method with a query that doesn't work.
OleDb uses positional parameters, not named parameters. Replace the parameter names by ? in SQL. You can leave the parameter name unchanged in AddWithValue, since it is ignored.
...
"WHERE (TT1.RoomNumber = ? OR SE1.RoomNumber = ?) AND (TT1.StructureNumber = ? OR SE1.StructureNumber = ?) " +
"AND(TT1.HourNumber = ? OR SE1.HourNumber = ?) AND (TT1.DayNumber = ? OR SE1.DayNumber = ?) " +
"AND (SE1.EventDate = ? OR SE1.EventDate IS NULL)";
Make sure you add the parameters in the same order they appear in the SQL text.
Also the value passed to AddWithValue must have the right type. A numeric or date string is not automatically converted to the appropriate numeric or DateTime type.
Related
I am facing a problem with using OleDbCommand.ExecuteScalar().
This is my query.
SELECT SUM(gobg.quan / d.coef) as quan
FROM ((N_GOODS_EXTCODES AS nge
INNER JOIN DRUGS AS d ON nge.ec_NZOK20190816 = d.DrugCode)
INNER JOIN N_GOODS AS ng ON nge.good_code = ng.code)
INNER JOIN G_OBGS AS gobg ON ng.smg_id = gobg.smg_id
WHERE nge.ec_NZOK20190816 = "AF063" AND gobg.part_num LIKE 'KR72K35*' ;
When I execute it in MS ACCESS this is the value that returns.
Query result
This is my C# code
public double getGoodQuan(string goodCode, string goodPart, string pharmNzokList)
{
double result = 0;
using (OleDbConnection con = new OleDbConnection(connectionStringBuffer))
{
try
{
con.Open();
using (OleDbCommand cmd = new OleDbCommand(Queries.getGoodQuan(goodCode, goodPart, pharmNzokList), con))
{
result = Convert.ToDouble(cmd.ExecuteScalar());
}
}
catch (Exception ex)
{
Program.ErrorLog(ex.Message, this.GetType().Name + "." + System.Reflection.MethodBase.GetCurrentMethod().Name);
}
finally
{
con.Close();
}
}
return result;
}
public static string getGoodQuan(string goodCode, string goodPart, string pharmNzokList)
{
string result = "SELECT SUM(gobg.quan / d.coef) " +
"FROM ((N_GOODS_EXTCODES AS nge " +
"INNER JOIN DRUGS AS d ON nge." + pharmNzokList + " = d.DrugCode) " +
"INNER JOIN N_GOODS AS ng ON nge.good_code = ng.code) " +
"INNER JOIN G_OBGS AS gobg ON ng.smg_id = gobg.smg_id " +
"WHERE nge." + pharmNzokList + " = \"" + goodCode + "\" " +
"AND gobg.part_num LIKE '" + goodPart + "*' " +
";";
return result;
}
After cmd.ExecuteScalar() result is aways null.
I have tried to use string, double, object and the result is aways the same.
In the same project I am using the same code but with different query and it is working.
This is the query that works.
SELECT SYS_PHARMA.pharm_nzok_list FROM SYS_PHARMA;
And this is the MS ACCESS result
Query result
What I am doing wrong with the first query that aways returns null?
I found where the problem was.
In the WHERE clause I am using LIKE Operator with * in the end of the text because I want to search for everything that starts with that text(as the MS Access documentation says).
gobg.part_num LIKE 'KR72K35*'
Then I changed * to % and it worked! ExecuteScalar() returns the right value!
gobg.part_num LIKE 'KR72K35%'
I have tried MANY suggested solutions from here but nothing seems to work for this problem. I just keep getting this error message when it hits the 'mdr = command.ExecuteReader();' line. Any thoughts please?
try
{
MySqlConnection connection = new MySqlConnection("SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";");
MySqlCommand command;
MySqlDataReader mdr;
connection.Open();
string ThePID = tbPID.Text;
string TheRound = tbRound.Text;
string CurrentPage = tbCurrentPage.Text;
// SELECT #myvar:= myvalue
string query = "SELECT ImageURL, ProofingText " +
"INTO #ImageURL, #ProofingText " +
"FROM Rounds " +
"WHERE ProjectID = " + ThePID + " " +
"AND CurrentRound = " + TheRound + " " +
"AND Page = " + CurrentPage + ";";
command = new MySqlCommand(query, connection);
mdr = command.ExecuteReader();
mdr.Read();
rtProofing.Text = mdr.GetString("#PRoofingText");
tbURL.Text = mdr.GetString("#ImageURL");
tbImagePage.Text = Path.GetFileName(tbURL.Text);
PageBox.Image = Image.FromFile(tbURL.Text);
connection.Close();
connection.Dispose();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
If you use MySqlConnector, you will get a helpful exception message that explains the problem:
Parameter '#ImageURL' must be defined. To use this as a variable, set 'Allow User Variables=true' in the connection string.
By default, MySQL queries (executed from .NET) can't use user-defined variables. You can relax this limitation by adding Allow User Variables=true to your connection string.
However, this won't fix your underlying problem, which is that this isn't the right way to select data from MySQL.
Firstly, your query is susceptible to SQL injection; you should rewrite it to use parameters as follows:
using (var command = connection.CreateCommand())
{
command.CommandText = #"SELECT ImageURL, ProofingText
FROM Rounds
WHERE ProjectID = #ThePID
AND CurrentRound = #TheRound
AND Page = #CurrentPage;";
commands.Parameters.AddWithValue("#ThePID", ThePID);
commands.Parameters.AddWithValue("#TheRound", TheRound);
commands.Parameters.AddWithValue("#CurrentPage", CurrentPage);
Then, you can retrieve the values with a slight variation on your current code. You must retrieve the values by their column names, which do not have a leading #. You should also check that a row was retrieved by examining the return value of Read():
if (mdr.Read())
{
rtProofing.Text = mdr.GetString("ProofingText");
tbURL.Text = mdr.GetString("ImageURL");
}
Finally, string concatenation is also not the right way to build a connection string. The MySqlConnectionStringBuilder class exists for this purpose; use it.
var builder = new MySqlConnectionStringBuilder
{
Server = server,
Database = database,
UserID = uid,
Password = password,
};
using var connection = new MySqlConnection(csb.ConnectionString);
I am using visual studio 2010 on Win 7. I want to read a .dbf file and get the minimum value of a selected column.
Here is what I have:
System.Data.Odbc.OdbcConnection oConn = new System.Data.Odbc.OdbcConnection();
oConn.ConnectionString = #"Driver={Microsoft dBase Driver (*.dbf)};SourceType=DBF;SourceDB=" + ImportDirPath + ";Exclusive=No; Collate=Machine;NULL=NO;DELETED=NO;BACKGROUNDFETCH=NO;";
oConn.Open();
// Update time
string nowTime = DateTime.Now.ToString("HHmmss");
oCmd.CommandText = #"UPDATE " + tableName + " SET HQCJBS = " + nowTime + " WHERE HQZQDM = ?";
oCmd.Parameters.AddWithValue("row2", "000000");
oCmd.ExecuteNonQuery();
string query = "SELECT MIN(" + colName + ") FROM " + tableName + " WHERE HQZQDM <> 000000";
OdbcDataAdapter da = new OdbcDataAdapter(query, oConn);
DataSet ds = new DataSet();
da.Fill(ds);
Suppose colName and tableName are correct. I have two question.
Two Questions:
When the code da.Fill(ds); is hit, I got an error data type mismatch in criteria expression access, What is wrong?
After I get the minimum value from the database, how can I input it into the memory as a double, for example double min = ds.Tables[0];
Your update command should apply TWO parameters... one for the set, another for the where clause. Use the "?" place-holder for each respectively and add the parameters in the same order as they appear in the query.
string nowTime = DateTime.Now.ToString("HHmmss");
oCmd.CommandText = #"UPDATE " + tableName + " SET HQCJBS = ? WHERE HQZQDM = ?";
oCmd.Parameters.AddWithValue("setParm", nowTime );
oCmd.Parameters.AddWithValue("whereParm, "000000");
oCmd.ExecuteNonQuery();
For your select MIN() query, it appears your WHERE criteria column is a string and by having the literal numbers without quotes is applying it as a numeric... Again, stick with "?" parameters
OdbcCommand getMinCmd = new OdbcCommand("", oConn);
getMinCmd.CommandText = "SELECT MIN(" + colName
+ ") FROM " + tableName + " WHERE HQZQDM <> ?";
getMinCmd.Parameters.AddWithValue("whereParm, "000000");
OdbcDataAdapter da = new OdbcDataAdapter(getMinCmd);
DataSet ds = new DataSet();
da.Fill(ds);
Finally, to get the value OUT of the retrieved query into memory, you need to get the row of the table (only 1 record result set, zero-based index) and column-0 too. Since you did not assign a column name, you don't know the column and just go with 0-index...
int lowestValue = (int)ds.Tables[0].Rows[0][0];
Think of the above as the hierarchy...
ds
tables[0]
rows[0]
[column 0]
rows[1] -- but your query would only have one row anyhow
[column 0]
tables[1] -- if your query had multiple queries, this might be available
but at least it shows where the pieces are.
Now, if you change your query slightly to something like
select MIN( colName ) as MyMinValue ...
then your reference would be where you explicitly name the column from the row retrieved
int lowestValue = (int)ds.Tables[0].Rows[0]["MyMinValue"];
I am attempting to dynamically update a set of database tables. I have two variables;
table_name & field_name. These are populated by a foreach loop, that loops through a DataTable. Everytime we hit a new row in the DataTable the names change respectively. Within this loop I create a new Oracle Connection and attempt to write an update with the current table_name/field_name. But Oracle keeps giving me an error on my ExcecuteNonQuery command.
Any help is greatly appreciated!!
EDIT: I have reformatted to include parameters, still does not work does anyone have any ideas on what I am doing wrong?
foreach (DataRow fieldtable in setofTables.Tables[0].Rows)
{
//do work
table_name = fieldtable["table_name"].ToString().Trim();
field_name = fieldtable["field_name"].ToString().Trim();
MessageBox.Show(table_name + field_name);
//create parameters
OracleParameter fieldParamater = new OracleParameter("field_name", OracleDbType.Varchar2);
OracleParameter diffParameter = new OracleParameter("mark_diff_oracle", OracleDbType.BinaryFloat);
OracleParameter wellIdParameter = new OracleParameter("id", OracleDbType.Char);
//wellIdParameter.Size = 10;
//create oracle connection and open
OracleConnection OrclCon2 = new OracleConnection("Data Source=" + dbname + "; User Id=" + userid + ";Password=" + password1 + ";");
OrclCon2.Open();
//prepare sql to be passed to oracle
string UpdateOraSQL = "UPDATE " +table_name+ " set :field_name = :field_name - (:mark_diff_oracle) where id = ':id' and :field_name is not null;";
MessageBox.Show(UpdateOraSQL);
//create dommand
OracleCommand UpdateDB = new OracleCommand(UpdateOraSQL, OrclCon2);
UpdateDB.CommandType = CommandType.Text;
//add parameters
UpdateDB.Parameters.Clear();
UpdateDB.Prepare();
UpdateDB.Parameters.Add(fieldParamater).Value = field_name;
UpdateDB.Parameters.Add(diffParameter).Value = mark_diff_oracle;
UpdateDB.Parameters.Add(wellIdParameter).Value = id;
Remove the semicolon from the end of the sql statement. Change the following code
string UpdateOraSQL = "UPDATE " +table_name+ " set :field_name = :field_name - (:mark_diff_oracle) where id = ':id' and :field_name is not null;";
to
string UpdateOraSQL = "UPDATE " +table_name+ " set :field_name = :field_name - (:mark_diff_oracle) where id = ':id' and :field_name is not null";
See the following link for more information
why the semicolon couldn't place in the CommandText of a OracleCommand when C#
If the problem is still not resolved, it might be helpful if you post the entire exception message also.
AFAIK, you cannot use parameters to define the column that you're updating.
AFAIK, you can only use parameters for the values that you'd want to set.
So, you'll have to create the query using string concat:
string sql = "UPDATE " + tableName + " SET " + fieldName + " = :p_Value WHERE id = :p_Id";
OracleCommand UpdateDB = new OracleCommand(sql, OrclCon2);
UpdateDB.Parameters.Add ("p_Value", ... ).Value = "foo";
UpdateDB.Parameters.Add ("p_Id", ...).Value = 4;
Offcourse, you should make sure that the variables you're adding to the string do not contain any harmfull statements. You should do sanity checks on them.
Perhaps, you can even verify if the tableName or the fieldName that has been passed, is a valid / existing tableName/columnname.
In SQL, one does not say COLUMN <> NULL. The proper syntax is COLUMN IS NOT NULL.
I am trying to perform dynamic sql select where I am selecting from a table using a parameter.
SELECT null FROM #TableName
However I am getting error must declare table variable #TableName. I suspect this is because I am selecting from a table using a variable. I have not needed to do this before.
List<SqlParameter> sqlParams = new List<SqlParameter>()
{
new SqlParameter("TableName", "testtable"),
new SqlParameter("FieldName", "testfield"),
new SqlParameter("Find", "testfind"),
};
string sqlSelect = "SELECT null FROM #TableName
WHERE #FieldName LIKE '%' + #Find + '%' ";
DataTable dtSelect = SqlHelper.ExecuteDataset(sqlConn, CommandType.Text,
sqlSelect, 30, sqlParams.ToArray()).Tables[0];
//30 = timeout
How can I perform the above using dynamic sql? (no stored procedures please)
You cannot use parameters for things like table and column names. For those you could have a whitelist of possible values and then use string concatenation when building the SQL query.
You can't use parameters like that, so you have to build the query as a string. You could do that in SQL, but you can also just create the string in the C# code.
Make sure that the table name and field name are safe and trusted values, and doesn't come directly from an unsafe source like a web request.
string tableName = "testtable";
string fieldName = "testfield";
List<SqlParameter> sqlParams = new List<SqlParameter>() {
new SqlParameter("Find", "testfind"),
};
string sqlSelect =
"SELECT null " +
"FROM " + tableName + " " +
"WHERE " + fieldName + " LIKE '%' + #Find + '%' ";
private DataTable ExecuteDynamic(string TableName,string FieldName, string Find)
{
string sqlSelect = "SELECT * FROM " + TableName +
" WHERE " + FieldName + " LIKE '%'" + Find + "'%' ";
using (connection = new SqlConnection(Strcon))
connection.Open();
{
using (cmd = new SqlCommand(sqlSelect, connection))
{
cmd.CommandType = CommandType.Text;
cmd.CommandTimeout = 60;
adpt = new SqlDataAdapter(cmd);
dt = new DataTable();
adpt.Fill(dt);
return (dt);
}
}
}