Parameterized query with parameter in select returns invalid data

Question

I have the following code:

string connectionString = 
    "Provider=Microsoft.JET.OLEDB.4.0;" + 
    "data source=" + processProgramPath + ";";

using (OleDbConnection connection = new OleDbConnection(connectionString))
{
    connection.Open();
    using (OleDbCommand command = new OleDbCommand(
        "SELECT @Value " +
        "FROM BONDPARAMETERS " +
        "WHERE BONDPARAMETERS.SetName = @SetName", connection))
    {
        command.Parameters.AddWithValue("@Value", value);
        command.Parameters.AddWithValue("@SetName", setName);               

        var result = command.ExecuteScalar();
        return result.ToString();
    }
}

What I am expecting to get is 760 as a result. However I am getting the title for the column which is StartForce.

value = "StartForce" setName = "450(18)-F-OE"

If I change the using to this:

using (OleDbCommand command = new OleDbCommand("SELECT "+value+" " +

it works. What gives?

Thanks in advance

score 1 · Accepted Answer · edited May 23 '17 at 12:14

1

You can't build SQL dynamically with parameters like that. See this question: Using C# SQL Parameterization on Column Names

edited May 23 '17 at 12:14

Community

1
1

answered Mar 22 '13 at 23:16

TheNextman

12,428
2
36
75

So would my work around be a valid way to do this then? Or is it as tacky as I feel it is? – Sean P Mar 22 '13 at 23:19

Parameterized query with parameter in select returns invalid data

1 Answers1