The name of the Schema in our database is dynamic. Why won’t the following work?
using System.Data.SqlClient;

public void ReadVersion(string connString, string schemaName)
{
    // The schema name is supplied as a parameter placeholder inside the identifier.
    string selectCommand = "SELECT major FROM [@SchemaName].[version]";
    using (SqlConnection sqlConn = new SqlConnection(connString))
    {
        using (SqlCommand cmd = new SqlCommand(selectCommand, sqlConn))
        {
            sqlConn.Open();
            cmd.Parameters.AddWithValue("@SchemaName", schemaName);
            object result = cmd.ExecuteScalar();
        }
    }
}
When the command is executed, the parameter value is not substituted. Is this a limitation of the SqlCommand Parameters?
You can’t do the following in plain SQL (so ignoring all of the ADO.Net overheads):
And the reason is simple. What SQL wants after FROM is a name. What you're trying to give it is a string. SQL Server doesn't randomly start peering inside of strings to see if they resemble some other construct.

As to your sanitization question, assuming that you're keeping the schema names sane, just use a simple regex on the schema name before you trust it (e.g. ^[A-Z][A-Z0-9]+$ should be enough for most uses). Make sure you use a whitelist (allowed characters) rather than a blacklist.
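The approach described in the answer, written out as an added example (this is not code from the original question or answer): the schema name is checked against an anchored whitelist regex and then spliced into the statement as a bracket-quoted identifier, while anything that is a value still goes through a real parameter. The case-insensitive pattern, the underscore, and the optional WHERE clause with a hypothetical component column are assumptions for illustration; the table and column from the question are kept as-is.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class VersionReader
{
    // Whitelist, not blacklist: one letter, then letters, digits or underscore.
    // Anchored with ^ and $ so nothing can ride along before or after the name.
    // (Assumption: the answer's pattern is upper-case only; this one allows
    // lower case and underscore, which is still a closed set of characters.)
    private static readonly Regex SchemaNamePattern =
        new Regex(@"^[A-Za-z][A-Za-z0-9_]*$", RegexOptions.Compiled);

    // Validates the schema name and returns it bracket-quoted, e.g. "[app1]".
    // The "]" -> "]]" doubling is SQL Server's rule for identifiers in brackets;
    // the whitelist already rules "]" out, so it is defence in depth only.
    public static string QuoteSchemaName(string schemaName)
    {
        if (schemaName == null || !SchemaNamePattern.IsMatch(schemaName))
        {
            throw new ArgumentException(
                "Schema name failed the whitelist check", nameof(schemaName));
        }
        return "[" + schemaName.Replace("]", "]]") + "]";
    }

    // Identifier: validated, then built into the SQL text.
    // Value (component, a hypothetical column): passed as a typed parameter.
    public static int? ReadVersion(string connString, string schemaName, string component)
    {
        string selectCommand =
            "SELECT major FROM " + QuoteSchemaName(schemaName) + ".[version]" +
            " WHERE component = @Component";

        using (SqlConnection sqlConn = new SqlConnection(connString))
        using (SqlCommand cmd = new SqlCommand(selectCommand, sqlConn))
        {
            // Explicit type and length instead of AddWithValue, so the plan
            // does not vary with the string length of each call.
            cmd.Parameters.Add("@Component", SqlDbType.NVarChar, 128).Value = component;
            sqlConn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value
                ? (int?)null
                : Convert.ToInt32(result);
        }
    }

    // Offline demonstration of the whitelist; no database needed.
    public static void Main()
    {
        Console.WriteLine(QuoteSchemaName("app1"));          // [app1]
        foreach (string bad in new[] { "dbo].[sys", "a;DROP TABLE x", "", "1abc" })
        {
            try
            {
                QuoteSchemaName(bad);
                Console.WriteLine("accepted (unexpected): " + bad);
            }
            catch (ArgumentException)
            {
                Console.WriteLine("rejected: " + bad);
            }
        }
    }
}
```

The split is the whole point: SQL Server will never treat a parameter as an identifier, so the identifier has to be built into the text, and the regex is what keeps that string-building from turning into injection. Everything that is genuinely data stays a parameter.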