nVarchar and SqlParameter

c# nvarchar sqlparameter
14,738

Solution 1

Add(string, object) has been deprecated for this reason (from Pablo Castro of the SQL Server team):

The problem is that both the C# and the VB.NET compilers will expose very weird behavior for this code:

command.Parameters.Add(“@p”, 0);

you may expect this to use the overload that takes an object and assign the value 0 to it, but instead it will pick the overload that takes a SqlDbType as the second parameter! In order to avoid this (and potentially others) ambiguity between the Add(string, sqldbtype) and Add(string, object), we deprecated Add(string, object) and introduced AddWithValue(string, object). In general, having multiple overloads where the distinguishing parameter type is “object” in one of them is a dangerous thing to do.

Solution 2

You should parametrize your inserts with SqlParameters which allow you to specify the datatype explicitly. (Also it saves you the headache of figuring out the SQL server injection attack your query caused).

Example:

SqlCommand cmd  = new SqlCommand("insert into tbl_text (text) values(@MYTEXT)", myConnection);
cmd.Parameters.Add(new SqlParameter("@MYTEXT", SqlDbType.NVarChar)).Value = "Chci tančit v";
cmd.ExecuteNonQuery();

Solution 3

Don't put "N" before the parameter name, it is only used when using string constant to indicate it is a unicode string. So your query should be: 

insert into tbl_text(text) values (@text)
Share:
14,738
Admin
Author by

Admin

Updated on June 17, 2022

Comments

  • Admin
    Admin almost 2 years

    I'm developing an application which must support several languages. To solve the special characters problem I'm using NVarhcar for my text fields. So my SQL query for a text field is 

    insert into tbl_text(text)values(N'Chci tančit v oblasti')

    My problem is to put it in SqlCommand, wich is "insert into tbl_text(text)values(N@text)". It saves "N@text" in the DB table, sure.

    Do you guys know someway to do it? I'm using C# and SQL 2008.

    Sorry if it was hard to understand my question. My English is poor =/

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to create NVarchar(max) Sqlparameter in C#?
poor performance with sqlparameter
SqlParameter does not allows Table name - other options without sql injection attack?
The data types ntext and nvarchar are incompatible in the equal to operator
What does SqlDbType.Structured mean?
How to pass correct object value in SqlParameter for datatype bit?
Escaping special characters in a SQL LIKE statement using sql parameters
Return value from OleDbCommand
how to pass sql parameter as null value in integer datatype variable?
Passing null as SQLParameter DateTime value