4

I'm having problems passing parameters to a SQL string for a SqlCommand. When I use option 1 (see below), the code works. When I use option 2, it doesn't work. I'm not sure how to get the .AddWithValue method to work with the SqlCommand.

Any help would be appreciated!

private string [] GetOrderInfo (string folder)
{
    string [] order = new string [] { "date", "order#", "storeid", "storename", "username" };

    using (SqlConnection conn = new SqlConnection (_connectionString))
    {
        conn.Open ();

        // Option 1: this line works.
        //string sql = "select * from OrderProduct where OrderProductID=26846";

        // Option 2: this line doesn't work.
        string sql = "select * from OrderProduct where OrderProductID=@folder;";

        using (SqlCommand command = new SqlCommand (sql, conn))
        {
            command.Parameters.AddWithValue ("@folder", folder);

            using (SqlDataReader reader = command.ExecuteReader ())
            {
                while (reader.Read ())
                    order [1] = Convert.ToString (reader.GetInt32 (1));
            }
        }

        conn.Close ();
    } // using (SqlConnection conn = new SqlConnection (connectionString))

    return order;
}
8
  • In "option 1" you're assigning something that actually looks like a product ID: 26846. In "option 2", you're assigning it a string called folder. That doesn't seem to make sense... Commented Nov 19, 2016 at 0:36
  • What does "it doesn't work" mean exactly? Commented Nov 19, 2016 at 0:38
  • 1
    Try H. Fadlallah's answer. Commented Nov 19, 2016 at 0:40
  • 2
    This kind of problem is why you really should avoid using AddWithValue. Commented Nov 19, 2016 at 2:15
  • 1
    command.Parameters.AddWithValue ("@folder", int.Parse(folder)); will work. You need to pass the parameter value with the correct type, the one the database column defines. Commented Nov 19, 2016 at 8:00

3 Answers

3

Try using

 command.Parameters.Add("@folder", SqlDbType.VarChar).Value = folder;

1

The AddWithValue method uses the type of the value to define the correct SqlDbType. So, if your field OrderProductID is of type INT, you need to add an int.

Sample:

command.Parameters.AddWithValue ("@folder", 26846);

Another easy way is to use a Simple Object Mapper like SqlDatabaseCommand or Dapper.

using (var cmd = new SqlDatabaseCommand(_connection))
{
    cmd.CommandText.AppendLine(" SELECT * ")
                   .AppendLine("   FROM EMP ")
                   .AppendLine("  WHERE EMPNO = @EmpNo ")
                   .AppendLine("    AND HIREDATE = @HireDate ");

    cmd.Parameters.AddValues(new
            {
                EmpNo = 7369,
                HireDate = new DateTime(1980, 12, 17)
            });

    var emps = cmd.ExecuteTable<Employee>();
}

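The type inference described in the answer above can be inspected without a database. This is an added example, not code from the thread: it shows what AddWithValue declares for a string (NVarChar) versus an int (Int), next to a hypothetical `Build` helper that validates the input and declares the parameter type explicitly. The `OrderQuery` class and the INT column type are assumptions.

```csharp
// Added example, not from the original thread. It never opens a connection:
// it only builds commands and inspects the parameters they would send.
using System;
using System.Data;
using System.Data.SqlClient; // assumption: Microsoft.Data.SqlClient on newer .NET
using System.Globalization;

static class OrderQuery
{
    const string Sql =
        "select * from OrderProduct where OrderProductID = @folder;";

    // What AddWithValue declares depends only on the CLR type of the value.
    public static SqlDbType InferredType(object value)
    {
        using (var cmd = new SqlCommand(Sql))
            return cmd.Parameters.AddWithValue("@folder", value).SqlDbType;
    }

    // Hypothetical helper: accept digits only, then declare the parameter
    // with the column's type (assumed INT, as the answers suggest).
    public static SqlCommand Build(SqlConnection conn, string folder)
    {
        int id;
        if (!int.TryParse(folder, NumberStyles.None,
                          CultureInfo.InvariantCulture, out id))
            throw new ArgumentException("order id must be digits only", "folder");

        var cmd = new SqlCommand(Sql, conn);
        cmd.Parameters.Add("@folder", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        Console.WriteLine(InferredType("26846")); // string, as in the question
        Console.WriteLine(InferredType(26846));   // int, as in the answer
        using (var cmd = Build(null, "26846"))    // null connection: inspect only
            Console.WriteLine(cmd.Parameters["@folder"].SqlDbType);
        try { Build(null, "orders/26846"); }      // constructed non-numeric input
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```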

0

You can try with:

using (SqlCommand command = new SqlCommand("select * from OrderProduct where OrderProductID=@folder", conn))
{
    command.Parameters.Add(new SqlParameter("@folder", folder));

    using (SqlDataReader reader = command.ExecuteReader())
    {
        while (reader.Read())
            order[1] = Convert.ToString(reader.GetInt32(1));
    }
}

1 Comment

Where did you see it was deprecated? No mention here: msdn.microsoft.com/en-us/library/0881fz2y(v=vs.110).aspx
