Insert Parameterized Query ASP.NET MS SQL

Question

Here is my SQLCommand object:

oCommand.CommandText = 
"INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES _
                     (@@IDENTITY,@client_id,@ip,@page,@vars)"
oCommand.Parameters.Count = 4
 >>   oCommand.Parameters.Item(0).ParameterName = "@client_id"
 >>   oCommand.Parameters.Item(0).Value = "123456"
 >>   oCommand.Parameters.Item(1).ParameterName = "@ip"
 >>   oCommand.Parameters.Item(1).Value = "127.0.0.1"
 >>   oCommand.Parameters.Item(2).ParameterName = "@page"
 >>   oCommand.Parameters.Item(2).Value = "default.aspx"
 >>   oCommand.Parameters.Item(3).ParameterName = "@vars"
 >>   oCommand.Parameters.Item(3).Value = Nothing

This is the error I get:

"The parameterized query '(@ip nvarchar(9),@client_id nvarchar(4000),@page nvarchar(12),@v' expects the parameter '@client_id', which was not supplied."

And here are the functions:

Public Shared Function insertIntoHitTable(ByVal oData As gsTrack) As Boolean
    Dim oObj As New List(Of Object())
    oObj.Add(New Object() {"@client_id", cV(oData.ClientID)})
    oObj.Add(New Object() {"@ip", cV(oData.IP)})
    oObj.Add(New Object() {"@page", cV(oData.Page)})
    oObj.Add(New Object() {"@vars", oData.Vars})
    Dim oCommand As SqlCommand = InsertIntoHitTableSQL(oObj)
    oCommand.Connection.Open()
    oCommand.ExecuteNonQuery()
    oCommand.Connection.Close()
End Function

Public Shared Function createSQLCommand(ByVal oCmdTxt As String, ByVal oParams As List(Of Object())) As SqlCommand
    Dim oCommand As SqlCommand = Nothing
    Dim oBuilder As New StringBuilder
    Dim oParam As SqlParameter
    oCommand = New SqlCommand(oCmdTxt, New SqlConnection(csString))
    Try
        For i As Integer = 0 To oParams.Count - 1
            oParam = New SqlParameter
            oParam.ParameterName = oParams(i)(0)
            oParam.Value = oParams(i)(1)
            oCommand.Parameters.Add(oParam)
            oParam = Nothing
        Next
        Return oCommand
    Catch ex As Exception
        Return Nothing
    End Try
End Function

Any pointers on how to resolve this parametrized query error? thanks!

EDIT

I should note that cV() just a scrubbing function, it checks to see if the passed variable is nothing.

Answer 1

In the CV function are you checking to see if the value is null? One of the sites I see documents that you need to pass a value of DBNull.value instead of null.

Answer 2

I believe the parameter count and index is getting slightly offset since you specify @@IDENTIDY in the insert statement. I typically follow the following syntax when doing a parameterized query:

oCommand = New SqlCommand("INSERT INTO hits (id,client_id,client_ip,page,vars) VALUES (@@IDENTITY,@client_id,@ip,@page,@vars)", CONNECTION OBJECT)

oCommand.CommandType = CommandType.StoredProcedure
oCommand.Parameters.Add("@client_id", SqlDbType.Integer, 10)
oCommand.Parameters("@client_id").Direction = ParameterDirection.Input
oCommand.Parameters("@client_id").Value = cV(oData.ClientID)
oCommand.Parameters.Add("@ip", SqlDbType.VarChar, 15)
oCommand.Parameters("@ip").Direction = ParameterDirection.Input
oCommand.Parameters("@ip").Value = cV(oData.IP)

oCommand.Connection.Open()
oCommand.ExecuteNonQuery()
oCommand.Connection.Close()

...and you can see how the rest would follow for the rest of your parameters.

Answer 3

It is necessary to specify the @@IDENTITY if my id column is auto-incrementing correct?

Answer 4

You should NEVER use @@identity. If the column is an identity, simply do not specify it in the values list. If you are using it anywhere to get the value you just inserted, then use scope_identity() instead unless you like data integrity problems.