绑定参数给OLEDB命令抛出错误

本文介绍了绑定参数给OLEDB命令抛出错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我使用AS 400 OLEDB与.NET。它使用'？'而不是'@param用命令绑定参数现在有一种情况，命令是像

I am using AS 400 OLEDB with .NET. It uses '?' instead of '@param to bind parameters with a command Now there is a situation where the command is like

SELECT ... FROM (SELECT ... ROW_NUMBER() OVER(ORDER BY ColumnName) as RowNum FROM Employees e ) as DerivedTableName WHERE RowNum BETWEEN @startRowIndex AND (@startRowIndex + @maximumRows) - 1

我的命令变成

Now my command becomes

SELECT ... FROM (SELECT ... ROW_NUMBER() OVER(ORDER BY ColumnName) as RowNum FROM Employees e ) as DerivedTableName WHERE RowNum BETWEEN ? AND (? + ?) - 1

现在当我绑定参数

myCommand.Parameters.Add(new OleDbParameter("?",startRowIndex)); myCommand.Parameters.Add(new OleDbParameter("?", startRowIndex)); myCommand.Parameters.Add(new OleDbParameter("?", MaximumRows));

它会引发错误

SQL0417: Combination of parameter markers not valid. Cause . . . . . : The statement string specified as the object of a PREPARE statement contains a predicate or expression where parameter markers have been used as operands of the same operator. The following restrictions apply to the use of parameter markers: -- Both the operands in a predicate cannot be parameter markers. For example, specifying predicates of the form: ? = ? or ? = ( SELECT ? FROM x ) are not valid.

如何在这种情况下绑定参数？我想避免sql注入：）

How do I bind parameters in this situation ? I want to avoid sql injection :)

推荐答案

尝试更改参数的名称

myCommand.Parameters.Add(new OleDbParameter("@startRowIndex",startRowIndex)); myCommand.Parameters.Add(new OleDbParameter("@startRowIndex2", startRowIndex)); myCommand.Parameters.Add(new OleDbParameter("@MaximumRows", MaximumRows));

但保留SQL。