C# T-SQL statement includes “with(nolock)” error

Question

Short:

SQL statement in my C# code is not working. with(nolock) is breaking the code.

Detailed:

Below are my errors and the code where I am getting the error. The code is supposed to connect to my SQL Server database (connection code works fine) then run a query. This query will get the ip addresses of all events that have a uri of "blah". The issue seems to be my with(nolock) command that I am required to use. I have to use it as it's a group standard for all T-SQL queries.

I googled around for a while but nothing seems to fit my issue and the fixes I found haven't worked yet. Any help with my code or links would be greatly appreciated.

Error:

System.Data.SqlClient.SqlException was caught Message=Incorrect syntax near the keyword 'with'. If this statement is a common table expression, an xmlnamespaces clause or a change tracking context clause, the previous statement must be terminated with a semicolon.
Source=.Net SqlClient Data Provider ErrorCode=-2146232060 Class=15 LineNumber=1 Number=319 Procedure="" Server= State=1

Code:

try
{
   //create sql reader to display data
   SqlDataReader myReader = null;

   //create string to enter data into database
   string insString = @"select c_ip from @dates with(nolock) where cs_uri like 'blah'";
   SqlCommand myCommand = new SqlCommand(insString, DbConnection);

   //populate and sanitize parameters
   myCommand.Parameters.Add("@dates", SqlDbType.VarChar, 100);
   myCommand.Parameters["@dates"].Value = currentdate;

   //execute the command
   myReader = myCommand.ExecuteReader();

   //read all results and print them to output
   while (myReader.Read())
   {
      //get IPs              
      String ipmix = myReader["c_ip"].ToString();
      mainIPs.Add(ipmix);
   }
}
catch (Exception e)
{
   Console.WriteLine("The query connection to the datebase has timed out.\n");
   Console.WriteLine(e.ToString());
   Console.ReadLine();
}

Solution:

Change code from:

//create string to enter data into database
string insString = @"select c_ip from @dates with(nolock) where cs_uri like 'blah'";

to:

//create string to enter data into database
string insString = @"select c_ip from " + currentdate + " with(nolock) where cs_uri like '%blah'";

Answer 1

Get rid of the parameter code and add the tablename in when you build your select statement

string insString = @"select c_ip from " + currentdate + " with(nolock) where cs_uri like 'blah'";

Answer 2

Its not the WITH, its the @dates variable. You are basically creating the statement....

select c_ip from '12/28/2011 15:35:22.997' with(nolock) where cs_uri like 'blah'

Which makes no sense.

Also, your exception message to the user is not really correct. The error could have been any number of things (like "incorrect syntax"), but you are telling them its a timeout issue.

Based on your comment, you should just change the query text to be...

string insString = @"select c_ip from " + currentdate + " with(nolock) where cs_uri = 'blah'";

As you are generating the currentdate value in code and not from any user input, you are not at risk of SQL injection. Taking out the like and replacing it with an equals will also improve the query performance. Also, remove the parameters entirely.

Answer 3

you have asked it to select records from a table called @Dates. (where that is the date parameter) - that will evaluate to

select 'c_ip from 28-12-2011...'

You probably want something like

"select c_ip from logtable with(nolock) where cs_uri like 'blah' and log_date=@dates"

not forgetting that dates, if you're using DATETIME fields, are made up of a date and time component so you'll probably also want to construct a relevant date range from 00:00:00 to 23:59:59 (or use currentdate+1 to catch the midnight overlap)

That gives you

select c_ip from logtable with(nolock) where (cs_uri like '%blah%') and (log_date between @startdate and @enddate)