Reputation: 884
I have database tables that get created dynamically. They all have the same name but with a unique ID at the end of the name, for example myTable1, myTable2 and so on.
I have these IDs, but the question is: what should my SQL look like in C# using SqlClient?
For example:
string sql = "SELECT * FROM myTable"+id;
This works but is still open to SQL injection.
I've also tried:
string sql = "SELECT * FROM myTable@id";
command.Parameters.AddWithValue("id", id);
But this does not work, since SQL reads the table name as myTable@id, not, for example, myTable1.
Is there a way to insert parameters for the table name?
Upvotes: 0
Views: 2033
Reputation: 4059
I think using column names in this particular query may do the job.
string sql = "SELECT colName1, colName2 , colname ......FROM myTable"+id;
Upvotes: 0
Reputation: 98750
Regular SQL can't have parameters on field names or table names, just on values.
Take a look at Dynamic SQL instead.
Upvotes: 4
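Since the table name cannot be a parameter, one way to keep the concatenation from the question safe is to constrain the suffix to digits, confirm the table exists using a parameterized lookup, and quote the identifier before building the statement. This is an added example, not code from any of the posts above; it assumes SQL Server, the dbo schema, and an ID that arrives as a string, and the class and method names are hypothetical.

```csharp
using System;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class DynamicTableQuery
{
    // Prefix taken from the question's example (myTable1, myTable2, ...).
    const string Prefix = "myTable";

    // Build the table name from a value that may only contain ASCII digits.
    // [0-9] is used instead of \d because \d also matches non-ASCII digits in .NET.
    public static string BuildTableName(string rawId)
    {
        if (rawId == null || !Regex.IsMatch(rawId, @"\A[0-9]{1,9}\z"))
            throw new ArgumentException("Table id must be 1-9 decimal digits.", nameof(rawId));
        return Prefix + rawId;
    }

    // Confirm the table exists. Here the name is a *value*, so it can be a parameter.
    // Assumption: the dynamically created tables live in the dbo schema.
    public static bool TableExists(SqlConnection conn, string tableName)
    {
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM sys.tables " +
            "WHERE name = @name AND schema_id = SCHEMA_ID('dbo')", conn))
        {
            cmd.Parameters.Add("@name", System.Data.SqlDbType.NVarChar, 128).Value = tableName;
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // Returns a command that selects from the validated, quoted table name.
    public static SqlCommand SelectAll(SqlConnection conn, string rawId)
    {
        string table = BuildTableName(rawId);
        if (!TableExists(conn, table))
            throw new InvalidOperationException("No such table: " + table);

        // QuoteIdentifier wraps the name in [ ] and doubles any ']' inside it,
        // a second layer of defence on top of the digit-only check.
        string quoted = new SqlCommandBuilder().QuoteIdentifier(table);
        return new SqlCommand("SELECT * FROM dbo." + quoted, conn);
    }
}
```

Values in a WHERE clause on the returned command should still go through `command.Parameters`, as in the question's second attempt; only the table name needs this separate handling.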