C＃预处理语句 - @符号（AT /点心符号）查询 [英] C# Prepared Statements - @ sign (at / strudel sign) queries

问题描述

我在C＃一份准备好的声明一个问题：

I Have a problem with a prepared statement in C#:

OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID = ?";
cmd.Parameters.Add("@USER_ID", OdbcType.VarChar, 250).Value = email;

（当然电子邮件中包含一个有效的电子邮件地址，并用@符号）。

(of course email contains a valid email address, with @ sign).

这代码返回一个随机错误 -

This code returns a random error -

连接已被禁用
{ ERROR [01000] [微软] [ODBC SQL
Server驱动程序] [TCP / IP
插座] ConnectionWrite（发送（））。
错误[08S01] [微软] [ODBC SQL
Server驱动程序] [TCP / IP套接字]一般
网络错误。请检查您的网络
文档。}

"The connection has been disabled" {"ERROR [01000] [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]ConnectionWrite (send()). ERROR [08S01] [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]General network error. Check your network documentation."}

但是，如果我跑我的代码，而无需事先准备好的声明，意思是：

However if I run my code without a prepared statement, meaning:

cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID = '"+email+"'";

一切完美的作品。

Everything works perfectly.

也许这是相关的事实，我在参数化值@符号？我倾向于认为，我不是第一个试图创建一个准备好的语句与电子邮件地址...

Maybe it's related to the fact that I have a @ sign in the parametrized value? I tend to think I'm not the first one trying to create a prepared statement with an email address...

我不知道什么是错的！其他预处理语句正常工作...

I have no idea what's wrong! Other prepared statements work normally...

能否请你帮忙吗？ :)
谢谢，
尼莉

Can you please help? :) Thanks, Nili

推荐答案

事实上，ODBC有问题的份额配套命名参数。
然而，命名参数特定的使用是可能

Indeed, ODBC has its share of issues with supporting named parameters. However, certain usage of named parameters is possible.

例如，你的情况以下语法如下：

For example, in your case the following syntax works:

OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID = ?";
cmd.Parameters.Add("USER_ID", OdbcType.VarChar, 250).Value = email;

更​​棘手的情况是，当你没有像USER_ID参数唯一匹配=？;比如，当你想使用的在的运营商在 WHERE 的条款。

那么下面的语法会做工作：

Then the following syntax would do the job:

OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT UNIQUE_ID FROM userdetails WHERE USER_ID IN (?, ?)";
cmd.Parameters.Add("?ID1", OdbcType.VarChar, 250).Value = email1;
cmd.Parameters.Add("?ID2", OdbcType.VarChar, 250).Value = email2;

请注意的使用？（问号）而不是<强> @ （at符号）参数名称中。虽然注意到参数值在这种情况下替换无关他们的名字，但只有他们才能与参数集合

Please note the usage of ? (question mark) instead of @ (at sign) within the parameter name. Although note that substitution of parameters' values in this case has nothing to do with their names, but only with their order with the parameters collection.

我希望这有助于： - ）

I hope this helps :-)

这篇关于C＃预处理语句 - @符号（AT /点心符号）查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！