Home/ Questions/Q 6226601
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T09:03:43+00:00

My current best code is: string delNonQuery = DELETE FROM + Settings.DataSource + WHERE

  • 0

My current best code is:

string delNonQuery = "DELETE FROM " + Settings.DataSource + " WHERE @keycolumn=@keyuid";

SqlCommand cmd = new SqlCommand(delNonQuery,readerConn);
SqlParameter kc = new SqlParameter("keycolumn", SqlDbType.VarChar);
SqlParameter key = new SqlParameter("keyuid", SqlDbType.VarChar);
cmd.Parameters.Add(kc).Value = Settings.KeyColumn;
cmd.Parameters.Add(key).Value = Page.Request["key"].ToString().Trim();

readerConn.Open();
cmd.ExecuteScalar();
readerConn.Close();

This executes but affects a whopping zero rows. If I change the SqlDbType on keyuid to UniqueIdentifier it just ends up with me getting a dozen variations on “failed to convert character string into uniqueidentifier”. I have to use a parameterized query for data cleanliness, I’m just really stuck as to how…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can’t specify a parameter for a column name – you need to concatenate it the same way you do for the table name.

    This:

    "DELETE FROM " + Settings.DataSource + " WHERE @keycolumn=@keyuid"

    Should change to:

    "DELETE FROM " + Settings.DataSource + " WHERE " + Settings.KeyColumn + " =@keyuid"

    Though I would probably write it as:

    string delNonQuery = string.Format("DELETE FROM {0} WHERE {1} = @keyuid", 
                                   Settings.DataSource, 
                                   Settings.KeyColumn);

    For completeness sake, I will mention that this is open to SQL injection. You need to make sure your Settings values are clean.

    • 0