I built a prototype system with some database queries. Since it was just a prototype and I was very new to databases, I just used a direct string. This is the string I used and it works fine:
command = New OleDbCommand("SELECT * FROM " + prefix + "CanonicForms WHERE Type=1 AND Canonic_Form='" + item + "'", dictionary_connection)
Now, in putting it in a real system, I wanted to use the more secure parameterized method, so after some googling I came up with this:
command = New OleDbCommand("SELECT * FROM @prefix WHERE Type=1 AND Canonic_Form=@form", dictionary_connection)
command.Parameters.AddWithValue("@prefix", prefix + "CanonicForms")
command.Parameters.AddWithValue("@form", item)
But all I get is an error for an incomplete query clause. What have I done differently between the two?
Your table name can’t be a parameter. You might have to do some form of concatenation. It’s not really a parameter in the formal sense of the word.
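The way the answer suggests this is usually done, written out as an added example (this is not code from the asker or the answerer): the table name is checked against a fixed allow-list of known prefixes and only then concatenated into the SQL text, while the user-supplied value goes in as a real parameter. OleDb binds parameters by position, so the placeholder in the query is `?` and the parameter name is just a label. The prefix list, the bracket quoting of the identifier (accepted by the Jet/ACE and SQL Server OLE DB providers) and the connection string are assumptions for the example.

```vbnet
Imports System
Imports System.Data.OleDb
Imports System.Text.RegularExpressions

Module CanonicLookup

    ' Hypothetical allow-list of table prefixes the application knows about.
    ' Anything not on this list is rejected before it reaches the SQL text.
    Private ReadOnly AllowedPrefixes As String() = {"en_", "fr_", "de_"}

    ' Defence in depth: even an allow-listed prefix must look like a plain identifier.
    Private ReadOnly IdentifierPattern As New Regex("^[A-Za-z_][A-Za-z0-9_]*$")

    ' Builds the table name for the query. Identifiers cannot be parameters,
    ' so this is the one place where concatenation is unavoidable; the input
    ' is validated first so only a known, well-formed name is ever spliced in.
    Public Function BuildTableName(prefix As String) As String
        If Array.IndexOf(AllowedPrefixes, prefix) < 0 Then
            Throw New ArgumentException("Unknown table prefix: " & prefix)
        End If
        Dim tableName As String = prefix & "CanonicForms"
        If Not IdentifierPattern.IsMatch(tableName) Then
            Throw New ArgumentException("Invalid table identifier: " & tableName)
        End If
        ' Bracket-quote the identifier (assumed supported by the OLE DB provider in use).
        Return "[" & tableName & "]"
    End Function

    ' Builds the lookup command: validated table name in the SQL text,
    ' the looked-up value as a positional OleDb parameter.
    Public Function BuildLookupCommand(prefix As String, item As String,
                                       connection As OleDbConnection) As OleDbCommand
        Dim sql As String =
            "SELECT * FROM " & BuildTableName(prefix) &
            " WHERE Type = 1 AND Canonic_Form = ?"
        Dim command As New OleDbCommand(sql, connection)
        ' OleDb ignores the name and binds by position; the name only documents intent.
        command.Parameters.Add("@form", OleDbType.VarWChar).Value = item
        Return command
    End Function

    Sub Main()
        ' Placeholder connection string; the command is only built here, not executed.
        Dim connectionString As String = "Provider=<PROVIDER_PLACEHOLDER>;Data Source=<PATH_PLACEHOLDER>"
        Using dictionary_connection As New OleDbConnection(connectionString)
            ' Constructed input: a value containing a quote is harmless as a parameter.
            Dim command As OleDbCommand = BuildLookupCommand("en_", "O'Brien", dictionary_connection)
            Console.WriteLine(command.CommandText)
            Console.WriteLine("Parameters bound: " & command.Parameters.Count)

            ' Constructed input: a prefix that is not on the allow-list is rejected
            ' before any SQL text is assembled.
            Try
                BuildLookupCommand("x; DROP TABLE ", "anything", dictionary_connection)
            Catch ex As ArgumentException
                Console.WriteLine("Rejected: " & ex.Message)
            End Try
        End Using
    End Sub

End Module
```

Running it prints `SELECT * FROM [en_CanonicForms] WHERE Type = 1 AND Canonic_Form = ?` with one bound parameter, and the second call is rejected by `BuildTableName` before a command is created. If the set of tables is not fixed at compile time, the same pattern still applies: load the allow-list from configuration or from the schema, never from the request.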