Question

I have database tables that get created dynamically. They all have the same name but with a unique ID at the end of the name, for example myTable1, myTable2 and so on.

I have these IDs, but the question is: what should my SQL look like in C# using sqlclient?

For example:

string sql = "SELECT * FROM myTable"+id;

Works but is still open to SQL injections.

I've also tried:

string sql = "SELECT * FROM myTable@id";
command.Parameters.AddWithValue("id", id);

But that does not work, since the SQL reads the table name as myTable@id, not, for example, myTable1.

Is there a way to insert parameters for the table name?


Solution

Regular SQL can't have parameters on field names or table names, just on values.

Take a look at Dynamic SQL instead.
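
An added example, not part of the original answer: one way to build the dynamic table name without concatenating untrusted text. It assumes the ID is an integer, the tables live in the dbo schema, and the connection is already open; the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // Microsoft.Data.SqlClient exposes the same types
using System.Globalization;

static class DynamicTableQuery
{
    // Hypothetical helper: the suffix is an int, so it can only ever contain digits.
    public static string BuildTableName(int id)
    {
        if (id < 0) throw new ArgumentOutOfRangeException(nameof(id));
        return "myTable" + id.ToString(CultureInfo.InvariantCulture);
    }

    public static DataTable SelectAll(SqlConnection conn, int id)
    {
        string table = BuildTableName(id);

        // Step 1: confirm the table exists. Here the name is a *value*,
        // so it can be passed as an ordinary parameter.
        using (var check = new SqlCommand(
            "SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES " +
            "WHERE TABLE_SCHEMA = 'dbo' AND TABLE_NAME = @name", conn))
        {
            check.Parameters.Add("@name", SqlDbType.NVarChar, 128).Value = table;
            if ((int)check.ExecuteScalar() == 0)
                throw new ArgumentException("Unknown table: " + table);
        }

        // Step 2: the identifier cannot be a parameter, so quote it
        // ([name], with any ']' doubled) before it goes into the SQL text.
        string quoted = new SqlCommandBuilder().QuoteIdentifier(table);

        using (var cmd = new SqlCommand("SELECT * FROM dbo." + quoted, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var result = new DataTable();
            adapter.Fill(result);
            return result;
        }
    }
}
```

If the ID arrives as a string, parse it with int.TryParse and reject the request on failure before calling SelectAll.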

Other tips

I think using column names in this particular query may do the job.

string sql = "SELECT colName1, colName2 , colname ......FROM myTable"+id;
License: CC-BY-SA with attribution
Not affiliated with StackOverflow