i received sql error in autocad plug-in application. “[token line number =1, token line offset = 110, token in error = desc]”. step through table pulling dbtext information , pass database. based on posts i’ve attempt adding [] around table name , @ before values neither solution worked.
using mytrans transaction = mydb.transactionmanager.starttransaction dim mylayertable layertable = mydb.layertableid.getobject(openmode.forread) each mylayerid objectid in mylayertable dim mylayer layertablerecord = mylayerid.getobject(openmode.forread) if mylayer <> nothing dim name string = mylayer.name, isoff boolean = mylayer.isoff, frozen boolean = mylayer.isfrozen, locked boolean = mylayer.islocked, color string = mylayer.color.colornamefordisplay, linetype string = mylayer.linetypeobjectid.tostring, lineweight string = mylayer.lineweight.tostring, transparency string = mylayer.transparency.tostring, plotstyle string = mylayer.plotstylenameid.tostring, isplottable boolean = mylayer.isplottable, vv boolean = mylayer.viewportvisibilitydefault, desc string = mylayer.description dim nd string = "insert layers (name, isoff, frozen, locked, color, linetype, lineweight, transparency, isplottable, vv, desc) " & _ "values (" & _ "'" & name & "', " & _ "'" & isoff & "', " & _ "'" & frozen & "', " & _ "'" & locked & "', " & _ "'" & color & "', " & _ "'" & linetype & "', " & _ "'" & lineweight & "', " & _ "'" & transparency & "', " & _ "'" & isplottable & "', " & _ "'" & vv & "', " & _ "'" & desc & "')" cecon.dataupdate(nd) end if next mytrans.abort() end using private cecon new sqlceconnection("data source=d:\documents\test.sdf;persist security info=false;") private cecmd sqlcecommand public ceda sqlcedataadapter public cedt datatable public params new list(of sqlceparameter) public recordcount integer public exception string public sub execquery(query string) ' reset query stats recordcount = 0 exception = "" try cecon.open() cecmd = new sqlcecommand(query, cecon) params.foreach(sub(p) cecmd.parameters.add(p)) params.clear() cedt = new datatable ceda = new sqlcedataadapter(cecmd) recordcount = ceda.fill(cedt) catch ex exception exception = ex.message if cecon.state = connectionstate.open cecon.close() end try end sub public function dataupdate(command string) integer try cecon.open() cecmd = new sqlcecommand(command, cecon) dim changecount integer = cecmd.executenonquery cecon.close() return changecount catch ex exception msgbox(ex.message) end try if cecon.state = connectionstate.open cecon.close() return 0 end function
desc reserved keyword in sql database of world. need square brackets around word. [desc] or better change name less problematic.
and not problem in code. if of variables contains single quote invalid sql command produced concatenation of strings. (i let discover problems connected sql injection destroy database)
so need parameterized query
dim nd string = "insert layers (name, isoff, frozen, locked, color, linetype, lineweight, transparency, isplottable, vv, [desc]) values (@name, @isoff, @frozen, @locked, @color, @linetype, @lineweight, @transparency, @isplottable, @vv, @desc)" dim prms = new list(of sqlceparameter)() prms.add(new sqlceparameter("@name", sqldbtype.nvarchar) {.value = name}) prms.add(new sqlceparameter("@isoff", sqldbtype.bit) {.value = isoff}) prms.add(new sqlceparameter("@frozen", sqldbtype.bit) {.value = frozen}) prms.add(new sqlceparameter("@locked", sqldbtype.bit) {.value = locked}) prms.add(new sqlceparameter("@color", sqldbtype.nvarchar) {.value = color}) prms.add(new sqlceparameter("@linetype", sqldbtype.nvarchar) {.value = linetype}) prms.add(new sqlceparameter("@lineweight", sqldbtype.nvarchar) {.value = lineweight}) prms.add(new sqlceparameter("@transparency", sqldbtype.nvarchar) {.value = transparency}) prms.add(new sqlceparameter("@isplottable", sqldbtype.bit) {.value = isplottable}) prms.add(new sqlceparameter("@vv", sqldbtype.bit) {.value = vv}) prms.add(new sqlceparameter("@desc", sqldbtype.nvarchar) {.value = desc}) cecon.dataupdate(nd, prms) this means need change dataupdate procedure receive list of parameters values
public function dataupdate(command string, prms list(of sqlceparameter)) integer try cecon.open() cecmd = new sqlcecommand(command, cecon) if prms not nothing cecmd.parameters.addrange(prms.toarray()) end if dim changecount integer = cecmd.executenonquery cecon.close() return changecount catch ex exception msgbox(ex.message) end try if cecon.state = connectionstate.open cecon.close() return 0 end function 
Comments
Post a Comment