error with SqlCe Parameters
I have made MANY parameterised queries in my time on this lovely planet, and none have thrown an error like this... WTFudge?!?!
ERROR:
There was an error parsing the query. [
Token line number = 1,
Token line offset = 20,
Token in error = @table ]
Obviously the compiler doesn't like my SQL statement... but I see no problem???
Here is my code.
using (SqlCeConnection con = new SqlCeConnection(_connection))
{
string sqlString = "SELECT @colID FROM @table WHERE @keyCol = @key";
SqlCeCommand cmd = new SqlCeCommand(sqlString, con);
cmd.Parameters.Add(new SqlCeParameter("@table", tableName));
cmd.Parameters.Add(new SqlCeParameter("@colID", columnIdName));
cmd.Parameters.Add(new SqlCeParameter("@keyCol", keyColumnName));
cmd.Parameters.Add(new SqlCeParameter("@key", key));
try
{
con.Open();
return cmd.ExecuteScalar();
}
catch (Exception ex)
{
Console.Write(ex.Message);
throw new System.InvalidOperationException("Invalid Read. Are You Sure The Record Exists", ex);
}
finally
{
if (con.State == ConnectionState.Open)
con.Close();
cmd.Dispose();
GC.Collect();
}
}
as you can see its a VERY simple SQL statement. I though "@table" may have been stupidly reserved or something... so ive tried @tableName, @var, @everything!!! dont know what the problem is.
During debug I checked that there was actually a @table parameter in the SqlCeParameterCollection And it was there. Clear as day!!
Since you are in C# (as opposed to stored procs)
string sqlString = "SELECT " + columnIdName +
" FROM " +tableName "WHERE " + keyColumnName + "= @key";
You will want to verify that columnIdName, tableName, keyColumnName are all restricted to a list of values (or at the very least, restrict the length to, say 50 characters), otherwise this procedure is optimized for insecurity and sql injection attacks.
- Is this declaration UB?
- Calling an external C function (in a shared lib) from Perl with Inline/C does not work
- Eclipse C/C++ how to find variable belongs to which struct quickly
- Is this truly best way to delete last element in C?
- Why do we need address virtualization in an operating system?
- Can a real floating-point type alias a complex floating-point type in C?
- Shadowing an iterator inside a for loop has undefined (?) behaviour in C
- Can a C program execute successfully if main() is defined as a macro?
- Ambiguity in scope of for loop declaration versus body
- Understanding the difference in timing of two functions that increment each element of an integer array
- Why MSVC generates warning C4127 when constant is used in "while" - C
- Executing a user-space function from the kernel space
- Why must the variable used to hold getchar's return value be declared as int?
- mpirun -np 4 ./a.out doesn't use all my cores (ubuntu 24.04LTS)
- Sleep for N seconds and wait for keypress
- Dereference twice in gdb
- Is it safe to cast a struct pointer to a different struct pointer having a prefix of elements?
- Can a C compiler legally reject a program if its call stack depth exceeds a fixed limit at compile time?
- return type defaults to 'int' [-Wimplicit-int]
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?