2

In my C# code, I have to do an SQL query like this:

context.ExecuteStoreQuery(@"SELECT * FROM MyTable WHERE Field0 = {0} AND 
    Field1 = {1}", field0, field1);

When field1 = null in C# and NULL in the database, this query doesn't work. (I have to use a different syntax with IS NULL.)

How can I correct this without making an if (in reality, I have 10 fields...)?

4
  • 3
    Looks ripe for SQL Injection. xkcd.com/327 Commented Oct 11, 2010 at 12:36
  • 2
    @Oded: ObjectContext.ExecuteStoreQuery is not the same as string.Format, despite the similarity in syntax. ObjectContext.ExecuteStoreQuery parameterizes the query automatically. Commented Oct 11, 2010 at 13:09
  • 1
    @Adam Robinson - Thanks for the info. I will leave my earlier comment there, so your information will be in context :) Commented Oct 11, 2010 at 13:48
  • so many things wrong... so little time.... Commented Oct 11, 2010 at 21:05

4 Answers

4

By default, SQL server does not allow you to compare a value to null. All comparisons resolve to false, even those that are logically opposite. In other words, you can do:

where field = 1 and where field <> 1. If field is null, both logically resolve to false.

In any case, you need an explicit check for null in your query:

context.ExecuteStoreQuery(@"SELECT * FROM MyTable WHERE 
    (Field0 = {0} or (Field0 is null and {0} is null))  AND 
    (Field1 = {1} or (Field1 is null and {1} is null))", field0, field1);

1 Comment

` AND [_TYPE] = CASE WHEN NULL IS NULL THEN [_TYPE] ELSE @TYPE END` this runs fine in SQL Server 2008 and it's quite driving me mad, as it can't be used in C# SQL string.
0
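public string appendCondition(String sqlQuery, String field, Object value)
{
    // The conditional must be parenthesized: + binds tighter than ==, so without
    // the parentheses the null test is applied to the whole concatenated string.
    // Note: value is concatenated into the SQL text here, not sent as a parameter.
    string resultQuery = sqlQuery + " " + field + (value == null ? " IS NULL " : " = " + value.ToString());
    return resultQuery;
}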

Hope you can add simple logic to add "WHERE" or "AND" by yourself.

Comments

0

well, the first thing i would do is remove the select *. BAD!

the second thing i would do is make this a stored procedure.

    create procedure dbo.MyTableSelect
        @field0 int,
        @field1 int = null
    as
    begin
        select
            *
        from MyTable
        where Field0 = @field0
            and (@field1 is null or Field1 = @field1)
    end

you then can change your code to this

context.ExecuteStoreQuery("exec dbo.MyTableSelect @field0={0}, @field1 = {1}", field0, field1) 

Comments

0

you can use the short variant of the if statement. I don't think you can handle your problem without an if statement. Example:

String.Format("SELECT * FROM MyTable WHERE Field0 {0} ", value==null ? "IS NULL" : String.Format("= {0}", value))

It is also possible to parameterize the query by using "@ParameterName"

context.ExecuteStoreQuery<ProductionUnit>(
  String.Format("SELECT * FROM MyTable WHERE Field0 {0} @Parameter1",
  value==null ? "IS" : "="), new SqlParameter("@Parameter1", value));

Regards

3 Comments

Interesting approach. {1} could still be parameterised of course
You will have NullReferenceException because String.Format will call value.ToString even if first condition will return true.
@cement: You can pass null to string.Format, though this design won't work in this particular scenario. ObjectContext.ExecuteStoreQuery (which is what the user is using) is not just a string formatting function, as it automatically parameterizes the query using the supplied values. This approach will not produce valid SQL.
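
An added example, not part of any answer above: one way to handle many nullable fields without a per-field if at the call site, emitting IS NULL for null criteria and keeping every non-null value a real parameter. NullSafeFilter, Build, the allowlist contents and MyRow are hypothetical names; it assumes System.Data.SqlClient and exact-match semantics (a null criterion matches only rows where the column is NULL).

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

// Added example: NullSafeFilter, Build and the allowlist are hypothetical names.
public static class NullSafeFilter
{
    // Column names cannot be sent as parameters, so only names from this fixed list are accepted.
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Field0", "Field1" };

    // Returns the WHERE clause text and fills 'parameters' with one SqlParameter per non-null value.
    public static string Build(IEnumerable<KeyValuePair<string, object>> criteria,
                               List<SqlParameter> parameters)
    {
        var clauses = new List<string>();
        foreach (var pair in criteria)
        {
            if (!AllowedColumns.Contains(pair.Key))
                throw new ArgumentException("Unexpected column: " + pair.Key);

            if (pair.Value == null || pair.Value is DBNull)
            {
                // "Field = NULL" never matches a row; IS NULL is the test that does.
                clauses.Add("[" + pair.Key + "] IS NULL");
            }
            else
            {
                string name = "@p" + parameters.Count;
                clauses.Add("[" + pair.Key + "] = " + name);
                parameters.Add(new SqlParameter(name, pair.Value));
            }
        }
        return clauses.Count == 0 ? "" : " WHERE " + string.Join(" AND ", clauses);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample criteria: one ordinary value, one null.
        var parameters = new List<SqlParameter>();
        var criteria = new Dictionary<string, object> { { "Field0", 42 }, { "Field1", null } };
        string sql = "SELECT * FROM MyTable" + NullSafeFilter.Build(criteria, parameters);
        Console.WriteLine(sql);
        // With an ObjectContext (MyRow is a hypothetical result type):
        // context.ExecuteStoreQuery<MyRow>(sql, parameters.ToArray());
    }
}
```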
