Insert string into SQL query without quotes

1247 views c#
1

I need to make a query that looks like this:

SELECT * FROM Table WHERE Row.DATA = value

Where DATA I need to pass through SqlParameter. If I do something like this:

string value = "DATA";
SqlCommand sql = new SqlCommand("SELECT * FROM Table WHERE Row.@Val = value");
sql.Parameters.Add("@Val", SqlDbType.VarChar).Value = value;

I get following query which is invalid:

SELECT * FROM Table WHERE Row.'DATA' = value

answered question

The Parameter is supposed to be your value, not data

SqlParameters used to provide values, they're not intended to pass table names, schemas or other things than potentially assigned values.

1 Answer

8

string value = "DATA";
SqlCommand sql = new SqlCommand($"SELECT * FROM Table WHERE Row.{value} = value");

posted this

Have an answer?

JD

Please login first before posting an answer.