I need the code of a stored procedure for the following SQL command and the syntax for how to invoke the stored procedure in C#.
The Code is:
"SELECT * FROM (SELECT ROW_NUMBER() OVER (ORDER BY [index]) AS RowNum, * FROM [Products] WHERE ([manufacturer]='" + cys + "')) sub WHERE RowNum = '"+x+"'"


Reply needed ASAP.
Posted 24-Jul-13 6:24am
Comments
NotPolitcallyCorrect 24-Jul-13 12:40pm
"Reply needed ASAP", some manners might be nice. What is wrong with reading the documentation?
RedDk 25-Jul-13 13:41pm
I'm not sure about manners, but from the looks of the WHERE clause here in the SELECT, when execution comes to substitution of the value, on the fly, of the column ("RowNum"), ssmse will throw a Msg 207 error "Invalid column name 'RowNum'".

1 solution


Solution 1

Hi,

Have a look here:
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson07.aspx
http://msdn.microsoft.com/en-us/library/ms171921%28v=vs.110%29.aspx

I see that you use string concatenation to build a query. NEVER use string concatenation to build SQL queries! If you use it, your application isn't protected against SQL Injection! To prevent SQL Injection, use parameterized queries:
http://www.dotnetperls.com/sqlparameter
http://johnhforrest.com/2010/10/parameterized-sql-queries-in-c/
http://csharp-station.com/Tutorial/AdoDotNet/Lesson06
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
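As an added example (not code from the question or the answer), the concatenated query above rewritten as a parameterized stored procedure and called from C# through SqlParameter values; the procedure name dbo.GetProductByRow and the parameter names @manufacturer and @rowNum are assumptions, while [Products], [manufacturer] and [index] are the names from the question.

```csharp
// Added example, not the question's or the answer's code. Procedure and
// parameter names are assumptions; the table and column names come from
// the question. T-SQL to create once on the server:
//
//   CREATE PROCEDURE dbo.GetProductByRow
//       @manufacturer NVARCHAR(100),
//       @rowNum       INT
//   AS
//   BEGIN
//       SET NOCOUNT ON;
//       SELECT *
//       FROM (SELECT ROW_NUMBER() OVER (ORDER BY [index]) AS RowNum, *
//             FROM [Products]
//             WHERE [manufacturer] = @manufacturer) AS sub
//       WHERE RowNum = @rowNum;
//   END
using System;
using System.Data;
using System.Data.SqlClient;

public static class ProductRepository
{
    // Returns the manufacturer's product at 1-based position rowNum
    // (ordered by [index]), or null when no such row exists.
    public static DataRow GetProductByRow(string connectionString, string manufacturer, int rowNum)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.GetProductByRow", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;

            // Inputs travel as typed parameters, so they are never parsed as
            // SQL text: a quote inside the manufacturer name is just data, and
            // the row number is an int rather than the quoted string in the
            // original concatenated query.
            cmd.Parameters.Add("@manufacturer", SqlDbType.NVarChar, 100).Value = manufacturer;
            cmd.Parameters.Add("@rowNum", SqlDbType.Int).Value = rowNum;

            conn.Open();
            var table = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table.Rows.Count == 0 ? null : table.Rows[0];
        }
    }
}
```

The caller passes the row position as an int (parsed and validated before the call) instead of embedding it in the SQL string.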
Comments
Maciej Los 24-Jul-13 14:26pm
A5!
Thomas D [ProgramFOX] 24-Jul-13 14:29pm
Thank you!
Adarsh chauhan 25-Jul-13 2:37am
I agree... using parameters instead of string concatenation is always a better and more secure way...
Nice and helpful links.. +5
Thomas D [ProgramFOX] 25-Jul-13 3:00am
Thank you!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 22 Apr 2015
Copyright © CodeProject, 1999-2018
All Rights Reserved.