command parameter

  • Question

  • User-492280791 posted

    Hi All,

    In my ASMX web service I pass a string parameter like this and this works perfectly:

    SqlClient.SqlParameter colourpar = new SqlClient.SqlParameter("@colour", colour);
    cmd.Parameters.Add(colourpar);

    Now I want to change it to a bit more secure structure like this:

    cmd.Parameters.Add("@colourpar", SqlDbType.NVarChar);
    cmd.Parameters["@colourpar"].Value = Convert.ToString(colour);

    What can be the problem here?

    Thanks!

    Friday, October 2, 2015 2:26 AM

Answers

  • User-821857111 posted

    What can be the problem here?
    Do you get an exception? If so, what is it?

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 2, 2015 2:39 AM
  • User475983607 posted

    Probably because you changed the parameter from @colour to @colourpar without updating the SQL script as well.

    In the future please post the error and all the relevant code so we don't have to guess!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 2, 2015 8:12 AM
  • User281315223 posted

    Have you tried using the Parameters.AddWithValue() method? I personally find it much easier as it doesn't require you to explicitly state the types and it will allow SQL to handle that for you (based on the column data type and the value you are passing in):

    // You could also use Convert.ToString(colour) instead of colour for the argument (depending on
    // what colour is in this context)
    cmd.Parameters.AddWithValue("@colourpar", colour);

    You'll also want to ensure that the parameter you are passing in matches the parameter name within your SQL query exactly (i.e. if your parameter is called "colour", then pass in a parameter for "colour" and not "colourpar").

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 2, 2015 8:25 AM

All replies

  • User-492280791 posted

    Thanks for the replies, because of your input I found a solution! Your guesses were correct:

    In my previous code it was OK to declare a new par var => + "var" but in the second code I had to use exact SP var names

    Friday, October 2, 2015 11:00 PM
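
The name mismatch diagnosed in this thread can be caught before the command is executed. The following is an added example, not code from any post: it builds the typed parameter form from the question with System.Data.SqlClient and lists every placeholder in the SQL text that has no parameter bound to it. The query text, the Products table, the length of 50 and the MissingParameters helper are assumptions made for illustration; no database connection is opened.

```csharp
// Added example (not from the thread). Query, table and helper names are hypothetical.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text.RegularExpressions;

static class ParameterNameCheck
{
    // Returns placeholders used in cmd.CommandText that have no entry in cmd.Parameters.
    // Simplification: the regex does not skip string literals, comments or DECLAREd locals.
    static List<string> MissingParameters(SqlCommand cmd)
    {
        var supplied = new HashSet<string>(
            cmd.Parameters.Cast<SqlParameter>().Select(p => p.ParameterName.TrimStart('@')),
            StringComparer.OrdinalIgnoreCase);

        // (?<!@) keeps system functions such as @@ROWCOUNT out of the result.
        return Regex.Matches(cmd.CommandText, @"(?<!@)@\w+")
                    .Cast<Match>()
                    .Select(m => m.Value.Substring(1))
                    .Distinct(StringComparer.OrdinalIgnoreCase)
                    .Where(name => !supplied.Contains(name))
                    .Select(name => "@" + name)
                    .ToList();
    }

    static void Main()
    {
        const string sql = "SELECT Id FROM Products WHERE Colour = @colour"; // hypothetical query
        string colour = "red";                                               // constructed sample input

        // The change from the question: explicitly typed, but bound under a different name.
        using (var mismatched = new SqlCommand(sql))
        {
            mismatched.Parameters.Add("@colourpar", SqlDbType.NVarChar).Value = colour;
            Console.WriteLine("Unbound placeholders: " + string.Join(", ", MissingParameters(mismatched)));
        }

        // Same typed form under the name the SQL text uses, with an explicit length.
        using (var matched = new SqlCommand(sql))
        {
            matched.Parameters.Add("@colour", SqlDbType.NVarChar, 50).Value = colour; // 50 is an assumed column length
            Console.WriteLine("Unbound placeholders remaining: " + MissingParameters(matched).Count);
        }
    }
}
```

For a stored procedure the command text is only the procedure name, so this text scan does not apply; there the names have to be compared against the procedure's own parameter list.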