0

I am developing a web application in C#. I want to write a SQL query using the string.Format function as follows:

string sSql = string.Format("Select * From {0}", DbReference.TABLE_NAME_SEC_ROLES);
if (roleCriteria._roleName != null && roleCriteria._isEnabled == true)
    sSql += string.Format(" where {0}={1} and {2}={3} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName, DbReference.IS_ENABLED_COL, roleCriteria._isEnabled);
if (roleCriteria._roleName != null)
    sSql += string.Format(" where {1} = {2} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName);
if (roleCriteria._isEnabled == true)
    sSql += string.Format("where {0}" + DbReference.IS_ENABLED_COL + "'false'");

It gives me the following exception:

Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

So, please give me a solution for this exception.

4
  • 2
    Instead of String.Format you should use Parameters. Commented Oct 12, 2012 at 10:11
  • I must use string.format Commented Oct 12, 2012 at 10:12
  • If you do, you are asking for trouble. You shouldn't. Commented Oct 12, 2012 at 10:14
  • 2
    "i must use string.format" - either you don't understand what's being suggested and you do not need to use string.format, or this is homework and your teacher is a fool. Commented Oct 12, 2012 at 10:17

3 Answers

2

This does not work and raises a FormatException:

string.Format(" where {1} = {2} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName);

Instead you need to start with zero, since {2} is equal to the length of the args array, which is not allowed:

string.Format(" where {0} = {1} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName);

String.Format Method (String, Object[])

Edit: Another bug found:

replace

string.Format("where {0}" + DbReference.IS_ENABLED_COL + "'false'")

with

string.Format("where {0}", DbReference.IS_ENABLED_COL + "'false'")

Here you have specified a format item but not added the argument.

The number indicating an argument to format is less than zero, or greater than or equal to the length of the args array.


But I would recommend using Parameters instead.


1 Comment

Yes, I have already gone through this string.Format(" where {0} = {1} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName); but it is not working, there is still the same exception.

0

This is the line giving the error:

if (roleCriteria._roleName != null)                     
sSql += string.Format(" where {1} = {2} " + DbReference.ROLE_NAME_COL, roleCriteria._roleName); 

Here you have used index 2 which does not exist. You should use 0 and 1.

1 Comment

There were at least 3 lines with errors which blow up string.Format, plus another few logical errors and a string concatenation error.

0

There is so much wrong in such a short stretch of code. I think what you want is below, but I would strongly recommend that you switch to using parameters. Treating everything as strings is an invitation to trouble:

string sSql = string.Format("Select * From {0}", DbReference.TABLE_NAME_SEC_ROLES);
if (roleCriteria._roleName != null && roleCriteria._isEnabled == true)
   sSql += string.Format(" where {0}={1} and {2}={3} " ,/* , not + */ DbReference.ROLE_NAME_COL, roleCriteria._roleName, DbReference.IS_ENABLED_COL, roleCriteria._isEnabled); 
else if (roleCriteria._roleName != null) /* else added, otherwise this will fire if the above if did, and add a second WHERE clause */
   sSql += string.Format(" where {0} = {1} " ,/* , not + */ DbReference.ROLE_NAME_COL, roleCriteria._roleName); 
else if (roleCriteria._isEnabled == true) /* else added, otherwise this will fire if the first if did, and add another WHERE clause */
   sSql += string.Format(" where {0} = 'false'" , DbReference.IS_ENABLED_COL); /* , not +, and moved 'false' */
   /* Also, indented the `where`, since if only this if is true, it would mash the `where` onto the table name */

And we probably still need to insert some (') quote characters, in places, since I'm guessing that some of these formatted in values will be strings. And then we have to deal with escaping quotes.
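
The parameterized form that the comments and answers recommend, as an added example that is not code from the question or from any of the answers. `DbReference` and `RoleCriteria` are hypothetical stand-ins with constructed values (the page does not show their definitions), and the column types and sizes, and treating a true `_isEnabled` as "only enabled roles", are assumptions:

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical stand-ins: the page does not show these types; values are constructed.
static class DbReference
{
    public const string TABLE_NAME_SEC_ROLES = "SEC_ROLES";
    public const string ROLE_NAME_COL = "ROLE_NAME";
    public const string IS_ENABLED_COL = "IS_ENABLED";
}

class RoleCriteria
{
    public string _roleName;
    public bool _isEnabled;
}

static class RoleQuery
{
    // Identifiers come only from compile-time constants; caller-supplied values
    // travel as parameters and never become part of the SQL text.
    public static SqlCommand Build(RoleCriteria c)
    {
        var cmd = new SqlCommand();
        var where = new List<string>();
        if (c._roleName != null)
        {
            where.Add(DbReference.ROLE_NAME_COL + " = @roleName");
            // Assumed column type and length.
            cmd.Parameters.Add("@roleName", SqlDbType.NVarChar, 128).Value = c._roleName;
        }
        if (c._isEnabled)
        {
            where.Add(DbReference.IS_ENABLED_COL + " = @isEnabled");
            cmd.Parameters.Add("@isEnabled", SqlDbType.Bit).Value = true;
        }
        // One WHERE clause, built once, however many criteria are set.
        cmd.CommandText = "SELECT * FROM " + DbReference.TABLE_NAME_SEC_ROLES
            + (where.Count > 0 ? " WHERE " + string.Join(" AND ", where) : "");
        return cmd;
    }

    static void Main()
    {
        // Constructed input: the quote in the name needs no escaping because it is bound as data.
        var cmd = Build(new RoleCriteria { _roleName = "O'Brien", _isEnabled = true });
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

No connection is opened here; assign `cmd.Connection` before executing the command against a real database.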
