how do I specify a variable in cmd.Parameters.AddWithValue(“@” & Variable & “” , “”) in...












-1















The field in which the data should be inserted is actually dependent on the store which is active currently. For that reason I want the parameter be dynamic based on the case but I am not able to figure out how do I mention a variable inside the Parameter function as name of the field



Code: 



 Dim whichListID = "Store1ListID"

 Str = "Insert Into Customer ([" & whichListID & "], [AccountBalance])"& 

 "Values(@" & whichListID & ",@AccountBalance)"

  cmd = New SqlCommand(Str, con2)  'Fine up till here





 cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")

 cmd.Parameters.AddWithValue("@AccountBalance", 0)

 con2.Open()

 cmd.ExecuteNonQuery()

  con2.Close()


So my question is how do i write the following statement correctly:-



       cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")





sql-server vb.net







share|improve this question

























  • The scary part here appears to be that this is open to injection.

    – Larnu
    Dec 29 '18 at 13:25











  • but the parameter would be consisting field name not data

    – Far
    Dec 29 '18 at 13:31













  • You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

    – Dan Guzman
    Dec 29 '18 at 13:50






  • 2





    start by NOT using addwithvalue anywhere.

    – SMor
    Dec 29 '18 at 16:01






  • 1





    @Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

    – Çöđěxěŕ
    Dec 29 '18 at 16:12


















-1















The field in which the data should be inserted is actually dependent on the store which is active currently. For that reason I want the parameter be dynamic based on the case but I am not able to figure out how do I mention a variable inside the Parameter function as name of the field



Code: 



 Dim whichListID = "Store1ListID"

 Str = "Insert Into Customer ([" & whichListID & "], [AccountBalance])"& 

 "Values(@" & whichListID & ",@AccountBalance)"

  cmd = New SqlCommand(Str, con2)  'Fine up till here





 cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")

 cmd.Parameters.AddWithValue("@AccountBalance", 0)

 con2.Open()

 cmd.ExecuteNonQuery()

  con2.Close()


So my question is how do i write the following statement correctly:-



       cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")





sql-server vb.net







share|improve this question

























  • The scary part here appears to be that this is open to injection.

    – Larnu
    Dec 29 '18 at 13:25











  • but the parameter would be consisting field name not data

    – Far
    Dec 29 '18 at 13:31













  • You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

    – Dan Guzman
    Dec 29 '18 at 13:50






  • 2





    start by NOT using addwithvalue anywhere.

    – SMor
    Dec 29 '18 at 16:01






  • 1





    @Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

    – Çöđěxěŕ
    Dec 29 '18 at 16:12
















-1












-1








-1








The field in which the data should be inserted is actually dependent on the store which is active currently. For that reason I want the parameter be dynamic based on the case but I am not able to figure out how do I mention a variable inside the Parameter function as name of the field



Code: 



 Dim whichListID = "Store1ListID"

 Str = "Insert Into Customer ([" & whichListID & "], [AccountBalance])"& 

 "Values(@" & whichListID & ",@AccountBalance)"

  cmd = New SqlCommand(Str, con2)  'Fine up till here





 cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")

 cmd.Parameters.AddWithValue("@AccountBalance", 0)

 con2.Open()

 cmd.ExecuteNonQuery()

  con2.Close()


So my question is how do i write the following statement correctly:-



       cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")





sql-server vb.net







share|improve this question
















The field in which the data should be inserted is actually dependent on the store which is active currently. For that reason I want the parameter be dynamic based on the case but I am not able to figure out how do I mention a variable inside the Parameter function as name of the field



Code: 



 Dim whichListID = "Store1ListID"

 Str = "Insert Into Customer ([" & whichListID & "], [AccountBalance])"& 

 "Values(@" & whichListID & ",@AccountBalance)"

  cmd = New SqlCommand(Str, con2)  'Fine up till here





 cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")

 cmd.Parameters.AddWithValue("@AccountBalance", 0)

 con2.Open()

 cmd.ExecuteNonQuery()

  con2.Close()


So my question is how do i write the following statement correctly:-



       cmd.Parameters.AddWithValue("" & "@" & whichListID & "", "45675671")





sql-server vb.net




sql-server vb.net






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 29 '18 at 13:35







Far

















asked Dec 29 '18 at 13:21









FarFar

48112




48112













  • The scary part here appears to be that this is open to injection.

    – Larnu
    Dec 29 '18 at 13:25











  • but the parameter would be consisting field name not data

    – Far
    Dec 29 '18 at 13:31













  • You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

    – Dan Guzman
    Dec 29 '18 at 13:50






  • 2





    start by NOT using addwithvalue anywhere.

    – SMor
    Dec 29 '18 at 16:01






  • 1





    @Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

    – Çöđěxěŕ
    Dec 29 '18 at 16:12





















  • The scary part here appears to be that this is open to injection.

    – Larnu
    Dec 29 '18 at 13:25











  • but the parameter would be consisting field name not data

    – Far
    Dec 29 '18 at 13:31













  • You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

    – Dan Guzman
    Dec 29 '18 at 13:50






  • 2





    start by NOT using addwithvalue anywhere.

    – SMor
    Dec 29 '18 at 16:01






  • 1





    @Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

    – Çöđěxěŕ
    Dec 29 '18 at 16:12



















The scary part here appears to be that this is open to injection.

– Larnu
Dec 29 '18 at 13:25





The scary part here appears to be that this is open to injection.

– Larnu
Dec 29 '18 at 13:25













but the parameter would be consisting field name not data

– Far
Dec 29 '18 at 13:31







but the parameter would be consisting field name not data

– Far
Dec 29 '18 at 13:31















You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

– Dan Guzman
Dec 29 '18 at 13:50





You can't parameterize column names. It seems odd to insert the column name as a column value too. Is that your intent?

– Dan Guzman
Dec 29 '18 at 13:50




2




2





start by NOT using addwithvalue anywhere.

– SMor
Dec 29 '18 at 16:01





start by NOT using addwithvalue anywhere.

– SMor
Dec 29 '18 at 16:01




1




1





@Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

– Çöđěxěŕ
Dec 29 '18 at 16:12







@Dan Guzman You can't parameterize column names, are you sure you cant? Theres nothing stopping me from calling an sp which has params, that can take column names to build what I want using dynamic sql...

– Çöđěxěŕ
Dec 29 '18 at 16:12














1 Answer
1






active

oldest

votes


















-1














I put the following line of code which solved the problem



 Dim Param As String="@" & WhichListID

 cmd.Parameters.AddWithValue(Param , "45675671")





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53969948%2fhow-do-i-specify-a-variable-in-cmd-parameters-addwithvalue-variable%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    -1














    I put the following line of code which solved the problem



     Dim Param As String="@" & WhichListID
    
 cmd.Parameters.AddWithValue(Param , "45675671")





    share|improve this answer




























      -1














      I put the following line of code which solved the problem



       Dim Param As String="@" & WhichListID
      
 cmd.Parameters.AddWithValue(Param , "45675671")





      share|improve this answer


























        -1












        -1








        -1







        I put the following line of code which solved the problem



         Dim Param As String="@" & WhichListID
        
 cmd.Parameters.AddWithValue(Param , "45675671")





        share|improve this answer













        I put the following line of code which solved the problem



         Dim Param As String="@" & WhichListID
        
 cmd.Parameters.AddWithValue(Param , "45675671")






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 29 '18 at 14:18









        FarFar

        48112




        48112






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53969948%2fhow-do-i-specify-a-variable-in-cmd-parameters-addwithvalue-variable%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Monofisismo

            Image
            Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
            Read more

            compose and upload a new article using a custom form

            Image
            -5 1 I'm starting to learn about php trying to achieve the goal of make my first custom form. From what I understand, it's possible to collect data from a form you can compose and customize to get information like title, subtitle, uploaded images and of course the main text of a supposed post and collect them in an html file that the form itself plus a php file can store in a folder on my server. what i would like to understand better is if i can compose the form making it be able to include the collected information between pieces of code i don't wanna write anytime in the fields of the form. i also need to understand how to make it be able to save the final html file with a different suffix like an increasing number at the end of the name to be sure no older file created this way is going to be lost...
            Read more

            How to correct the classpath of spring boot application so that it contains a single, compatible version of...

            Image
            0 I am trying to add a participantRepository interface (which implements CrudRepository) to my spring boot application. But the basic code for this interface gives an error when it is run saying that the classpath of the application must be corrected. How can I do this and is there another modification I can do to run the code correctly? //Participant class package com.example.spring2.participants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.persistence.Entity; import javax.persistence.Id; import java.util.List; @Entity public class Participant { @Id private String name; private int age; private String job; @Autowired private ParticipentService participentService; public Participant(...
            Read more