Insert parameterized ASP.NET MS SQL query

Question

Insert parameterized ASP.NET MS SQL query

Here is my SQLCommand object:

oCommand.CommandText = 
"INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES _
                     (@@IDENTITY,@client_id,@ip,@page,@vars)"
oCommand.Parameters.Count = 4
 >>   oCommand.Parameters.Item(0).ParameterName = "@client_id"
 >>   oCommand.Parameters.Item(0).Value = "123456"
 >>   oCommand.Parameters.Item(1).ParameterName = "@ip"
 >>   oCommand.Parameters.Item(1).Value = "127.0.0.1"
 >>   oCommand.Parameters.Item(2).ParameterName = "@page"
 >>   oCommand.Parameters.Item(2).Value = "default.aspx"
 >>   oCommand.Parameters.Item(3).ParameterName = "@vars"
 >>   oCommand.Parameters.Item(3).Value = Nothing

This is the error I am getting:

" The parameterized query '(@ip nvarchar(9),@client_id nvarchar(4000),@page nvarchar(12),@v' expects the parameter '@client_id', which was not supplied.

"

And here are the functions:

Public Shared Function insertIntoHitTable(ByVal oData As gsTrack) As Boolean
    Dim oObj As New List(Of Object())
    oObj.Add(New Object() {"@client_id", cV(oData.ClientID)})
    oObj.Add(New Object() {"@ip", cV(oData.IP)})
    oObj.Add(New Object() {"@page", cV(oData.Page)})
    oObj.Add(New Object() {"@vars", oData.Vars})
    Dim oCommand As SqlCommand = InsertIntoHitTableSQL(oObj)
    oCommand.Connection.Open()
    oCommand.ExecuteNonQuery()
    oCommand.Connection.Close()
End Function

Public Shared Function createSQLCommand(ByVal oCmdTxt As String, ByVal oParams As List(Of Object())) As SqlCommand
    Dim oCommand As SqlCommand = Nothing
    Dim oBuilder As New StringBuilder
    Dim oParam As SqlParameter
    oCommand = New SqlCommand(oCmdTxt, New SqlConnection(csString))
    Try
        For i As Integer = 0 To oParams.Count - 1
            oParam = New SqlParameter
            oParam.ParameterName = oParams(i)(0)
            oParam.Value = oParams(i)(1)
            oCommand.Parameters.Add(oParam)
            oParam = Nothing
        Next
        Return oCommand
    Catch ex As Exception
        Return Nothing
    End Try
End Function

Any pointers on how to resolve this parameterized query error? thank!

EDIT

I should note that cV () is just a cleanup function, it checks if the passed variable is not there.

+1

sql-server asp.net

Anders Dec 19. '08 at 19:07

source to share

3 answers

I believe the number and index of the parameters are slightly biased since you are specifying @@ IDENTIDY in the insert statement. I usually do the following syntax when doing a parameterized query:

oCommand = New SqlCommand("INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES (@@IDENTITY,@client_id,@ip,@page,@vars)", CONNECTION OBJECT)

oCommand.CommandType = CommandType.StoredProcedure
oCommand.Parameters.Add("@client_id", SqlDbType.Integer, 10)
oCommand.Parameters("@client_id").Direction = ParameterDirection.Input
oCommand.Parameters("@client_id").Value = cV(oData.ClientID)
oCommand.Parameters.Add("@ip", SqlDbType.VarChar, 15)
oCommand.Parameters("@ip").Direction = ParameterDirection.Input
oCommand.Parameters("@ip").Value = cV(oData.IP)

oCommand.Connection.Open()
oCommand.ExecuteNonQuery()
oCommand.Connection.Close()

... and you can see how the rest will follow the rest of your parameters.

+3

Dillie-O Dec 19. '08 at 19:15

source to share

You should NEVER use the @@ identifier. If the column is an identifier, just don't include it in the list of values. If you use it anywhere, to get the value you just inserted, use scope_identity () instead, unless you need data integrity issues.

0

HLGEM Dec 22. '08 at 20:18

source to share

Nathan Koop · Accepted Answer · 2008-12-19T19:15:13+0000

In the CV function, are you checking if the value is null? One of the sites I see docs that you need to pass DBNull.value instead of null.

Insert parameterized ASP.NET MS SQL query

EDIT

More articles: