Anyname Donotcare
Reputation: 11403
How to pass the table name and the selected fields as parameters
I get the following error :
ERROR:-201 MEssage: [Informix .NET provider][Informix]A syntax error has occurred.
when I try to execute this code :
string table_name = resultDt.Rows[0][1].ToString();
string pdf_column = resultDt.Rows[0][0].ToString();
st.Append(" SELECT ? FROM ?");
paramList.Clear();
paramList.Add("@tablename", table_name);
paramList.Add("@pdf_column", pdf_column);
resultDt =dalHelper.Return_DataTable(st.ToString(), CommandType.Text, paramList);
return resultDt;
Upvotes: 1
Views: 303
Answers (1)
adrianm
Reputation: 14726
You can't.
Use String.Replace instead.
st.Append(" SELECT @pdf_column FROM @tablename");
st.Replace("@tablename", table_name);
st.Replace("@pdf_column", pdf_column);
If table_name and pdf_column comes from user input in anyway you should use a QuoteName function (i.e. QuoteName(table_name)) to prevent sql injection. Don't know about Informix but here is one for SqlServer.
Upvotes: 3
Related Questions
- IBM Informix How to pass string value in parameter
- Table name and table field on SqlParameter C#?
- Why parameterized query doesn't work although the procedure works fine
- How to use parameters in IN Clause sql informix
- Why my query doesn't update the table with my input parameters?
- Using named parameters in Informix queries in an ASP.net application
- Parameterized query issue
- about parameterized query
- Wrong number of parameters (parametrized query)
- how to write select parameterized query in asp.net