views:

38

answers:

2

I have a table with a PK column of type uniqueidentifier.

I am trying to write an update statement from C#, where I have the identifier as a string.

Here is the code I am trying:

      string sql_start = "update SecurityUserGroup set ";
        int paramPos = 0;
        var paramList = new List<SqlParameter>();
        if (roleName != null)
        {
            sql_start += " RoleName = '{" + paramPos + "}'";
            paramList.Add(new SqlParameter(""+paramPos, roleName));
            paramPos++;
        } 
        if (activeDirectoryGroup != null)
        {
            sql_start += " ActiveDirectoryGroup = '{" + paramPos + "}'";
            paramList.Add(new SqlParameter(""+paramPos, activeDirectoryGroup));
            paramPos++;
        }
        //sql_start += " where SecurityUserGroupId = cast('{" + paramPos + "}' as uniqueidentifier)";
        //sql_start += " where SecurityUserGroupId = convert(uniqueidentifier, '{" + paramPos + "}')";
        sql_start += @" where SecurityUserGroupId = '{" + paramPos + @"}'";
        paramList.Add(new SqlParameter(""+paramPos, new Guid(id)));
        //paramList.Add(new SqlParameter(""+paramPos, id));
        SqlHelper.ExecSql(sql_start, paramList);

The SqlHelper.ExecSql function does this:

    public static void ExecSql(string sql, List<SqlParameter> parms)
    {
        using (SqlConnection con = GetConnection())
        {
            SqlCommand command = new SqlCommand(sql, con) {CommandType = CommandType.Text};

            foreach (SqlParameter parm in parms)
            {
                command.Parameters.Add(parm);
            }

            command.ExecuteNonQuery();
        }

    }

But I either get invalid syntax or "Conversion failed when converting from a character string to uniqueidentifier"

I previously had this problem on the extraction and ended up putting the conversion into a stored procedure and it seems I will need to make this into a stored procedure too.

Thanks in advance for any thoughts/tips on this.

EDIT: A sample id looks like this "45d9ec51-1e52-49d8-9139-51f18fe13563", which looks like what I see on the table via Management Studio.

EDIT2: Here is the code that worked in the end (using @ instead of {}):

        var sql_start = new StringBuilder("update SecurityUserGroup set ");
        int paramPos = 0;
        var paramList = new List<SqlParameter>();
        if (roleName != null)
        {
            sql_start.Append(" RoleName = @" + paramPos);
            paramList.Add(new SqlParameter("@"+paramPos, roleName));
            paramPos++;
        } 
        if (activeDirectoryGroup != null)
        {
            if (paramPos > 0) sql_start.Append(",");
            sql_start.Append(" ActiveDirectoryGroup = @" + paramPos);
            paramList.Add(new SqlParameter("@"+paramPos, activeDirectoryGroup));
            paramPos++;
        }
        sql_start.Append(" where SecurityUserGroupId = @id");
        paramList.Add(new SqlParameter("@id", id));
        SqlHelper.ExecSql(sql_start.ToString(), paramList);

Regards, Chris

+1  A: 

Not sure - but maybe SQL Server misinterprets your parameter value as a string, instead of a GUID, here:

paramList.Add(new SqlParameter(""+paramPos, new Guid(id)));

I would add this using:

SqlParameter workParam = new SqlParameter("" + paramPos, SqlDbType.Uniqueidentifier);
workParam.Value = new Guid(id);
paramList.Add(workParam);

If you create the SqlParameter with an explicit, specific type, SQL Server won't have to auto-interpret your stuff and maybe get it wrong...

marc_s
Thanks, but that doesnt work either. Same error relating to failing to convert string to uniqueidentifier. Tried with/without convert function, even tried without quotes around the uniqueidentifier. I feel a stored proc coming on.
Chris Kimpton
+1  A: 

Best I could make out, your dynamically created SQL is going to end up looking something like :

update SecurityUserGroup set RoleName = '{0}' ActiveDirectoryGroup = '{1}' where SecurityUserGroupId = '{2}'

When what you probably need is something like :

update SecurityUserGroup set RoleName = @RoleName, ActiveDirectoryGroup = @ActiveDirectoryGroup where SecurityUserGroupId = @SecurityUserGroupId

To do that, replace code like :

sql_start += @" where SecurityUserGroupId = '{" + paramPos + @"}'";
paramList.Add(new SqlParameter(""+paramPos, new Guid(id)));

with code like :

sql_start += " where SecurityUserGroupId = @SecurityUserGroupId";
paramList.Add(new SqlParameter("@SecurityUserGroupId", new Guid(id)));
Moe Sisko
Thanks - that did the trick. And also thanks for pointing out SQL comma problem.
Chris Kimpton