尝试执行存储过程时出现意外错误
Posted
技术标签:
【中文标题】尝试执行存储过程时出现意外错误【英文标题】:unexpected error when trying to execute stored procedure 【发布时间】:2012-01-26 07:18:58 【问题描述】:当我尝试执行特定的存储过程时出现以下异常:
Input string was in incorrect format
我的 .cs :
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
return DAL_Helper.Return_DataTable(sQuery.ToString());
我调试并确保所有参数都是intger。
public DataTable Return_DataTable(string cmdText)
Open_Connection();
DataTable dt = new DataTable();
command.CommandText = cmdText;
command.CommandType = CommandType.Text;
command.Connection = connection;
try
dt.Load(command.ExecuteReader());
catch (IfxException ifxEx)// Handle IBM.data.informix : mostly catched
ErrMapping.WriteLog("\r\n Error Code: " + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
throw new Exception("ERROR:" + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
catch (Exception ex)// Handle all other exceptions.
ErrMapping.WriteLog("\r\n Error Message: " + ex.Message);
throw new Exception("\r\n Error Message: " + ex.Message);
finally
Close_Connection();
return dt;
编辑 1:
public DataTable Return_DataTable(string cmdText, CommandType cmdType, Dictionary<string, string> Param_arr)
Open_Connection();
int return_val = -1;
DataTable dt = new DataTable();
command.CommandText = cmdText;
command.CommandType = cmdType;
if (cmdType == CommandType.StoredProcedure)
if (Param_arr != null)
command.Parameters.Clear();
if (Param_arr.Count > 0)
for (IEnumerator<KeyValuePair<string, string>> enumerator = Param_arr.GetEnumerator(); enumerator.MoveNext(); )
param = command.CreateParameter();
param.ParameterName = enumerator.Current.Key.ToString();
param.Value = enumerator.Current.Value.ToString();
command.Parameters.Add(param);
IfxDataReader dr2;
try
dr2 = command.ExecuteReader();
dt.Load(dr2);
catch (IfxException ifxEx)// Handle IBM.data.informix : mostly catched
ErrMappingForInformix.WriteLog("\r\n Error Code: " + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
throw new Exception("ERROR:" + ifxEx.Errors[0].NativeError.ToString() +
"\r\n MEssage: " + ifxEx.Errors[0].Message);
catch (Exception ex)// Handle all other exceptions.
ErrMappingForInformix.WriteLog("\r\n Error Message: " + ex.Message);
throw new Exception("\r\n Error Message: " + ex.Message);
finally
Close_Connection();
return dt;
【问题讨论】:
如果错误是关于字符串的,你可以试试get_department('" + dep_code + "','" + emp_code + "','" + batch_code + "')
【参考方案1】:
这个怎么样:
command.CommandText = "get_department";
command.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("dep_code", dep_code));
cmd.Parameters.Add(new SqlParameter("emp_code", emp_code));
cmd.Parameters.Add(new SqlParameter("batch_code", batch_code));
查看this article 中的不同示例(更具体地说:清单 4. 执行带参数的存储过程)。
以下代码行:
sQuery.Append("EXECUTE procedure get_department(" + dep_code + "," + emp_code + "," + batch_code + ")");
就像是拼命尝试破坏一切,容易受到 SQL 注入的攻击。 从不在构建 SQL 查询时使用字符串连接。
【讨论】:
非常感谢,但是传递一组参数 key 和 value 的最佳方式是什么? 我试试Dictionary<string, string> Param_arr
但是当我使用这种方式进行多次插入时,它会导致内存泄漏和性能问题,我不得不使用连接来解决我的性能问题。
Open_Connection(); DataTable dt = null; cmd.CommandText = cmd.CommandText; cmd.CommandType = cmdtype; cmd.Connection = connection; cmd.CommandTimeout = 100; for (int j = 0; j < parameters.Length; j++) cmd.Parameters.Add(parameters[j]); try dt.Load(cmd.ExecuteReader());
DBConnectionForInformix con = new DBConnectionForInformix(""); IfxCommand cmd = new IfxCommand("rr35rstrec", con.Connection); IfxParameter[] param = new IfxParameter[2]; param[0] = new IfxParameter("batch_code", 5327); param[1] = new IfxParameter("dep_code", 412); param[2] = new IfxParameter("emp_code", 93); DataTable dtres = con.Return_DataTable(cmd, CommandType.StoredProcedure, param);【参考方案2】:
据我所知,您不需要写“程序”和括号:
"EXECUTE get_department" + dep_code + "," + emp_code + "," + batch_code
http://msdn.microsoft.com/en-us/library/ms188332.aspx
【讨论】:
以上是关于尝试执行存储过程时出现意外错误的主要内容,如果未能解决你的问题,请参考以下文章