0

I have the following code:

string connectionString = 
    "Provider=Microsoft.JET.OLEDB.4.0;" + 
    "data source=" + processProgramPath + ";";

using (OleDbConnection connection = new OleDbConnection(connectionString))
{
    connection.Open();
    using (OleDbCommand command = new OleDbCommand(
        "SELECT @Value " +
        "FROM BONDPARAMETERS " +
        "WHERE BONDPARAMETERS.SetName = @SetName", connection))
    {
        command.Parameters.AddWithValue("@Value", value);
        command.Parameters.AddWithValue("@SetName", setName);               

        var result = command.ExecuteScalar();
        return result.ToString();
    }
}

What I am expecting to get is 760 as a result. However I am getting the title for the column which is StartForce.

value = "StartForce" setName = "450(18)-F-OE"

If I change the using to this:

using (OleDbCommand command = new OleDbCommand("SELECT "+value+" " +

it works. What gives?

Thanks in advance

Improve this question

1 Answer 1

Reset to default
1

You can't build SQL dynamically with parameters like that. See this question: Using C# SQL Parameterization on Column Names

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

So would my work around be a valid way to do this then? Or is it as tacky as I feel it is?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.