I am trying to upload a file path to a specific record where = txtBox.text

C#
void UploadSOW()
{
    string filePath = Server.MapPath("~/Uploads/" + FileUpload1.FileName);

    FileUpload1.SaveAs(filePath);
    lblResult.Text = "Your file was successfully uploaded!" + Path.GetFileName(FileUpload1.FileName).ToString();

    SqlCommand cmd = new SqlCommand();
    con.Open();
    cmd.Connection = con;
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.CommandText = "tblSystem_Upload_SOW";
    cmd.Parameters.AddWithValue("@SOW", FileUpload1.FileName);
    cmd.ExecuteNonQuery();
    cmd.Dispose();
    con.Dispose();
    con.Close();

    FillSysGrid();
}


What I have tried:

I have tried to look all over the internet for some hint.
Updated 4-Jul-22 7:03am

You can't add a WHERE clause to a call of a stored procedure: the WHERE clause is only applicable to some SQL statements like SELECT and UPDATE - it won't work at all with an INSERT for example.

If you want a WHERE clause, you need to change the SP to include it where relevant, and pass the data to compare as a parameter to the SP when you call it.
 
 
You don't.

If you're calling a stored procedure, you have to pass any parameters required by the stored procedure. That means passing values, not a WHERE clause. The stored procedure can then use that value in a WHERE clause, if it's properly written.
 
 
Actually, technically you can pass a WHERE clause to an SP - you would need to pass the WHERE clause as a text parameter, then construct the SQL statement within the SP as dynamic SQL.
Google Dynamic SQL for a solution, but also google SQL Injection (which is a potential drawback) for solutions on how to protect against this.
 
 
Thank you all for the help. I found a workaround; although it may not be the ideal or correct approach, it does what I need for a school project. I just update the column with the file path where it equals sysName.

void UploadSOW()
{
    string filePath = Server.MapPath(@"~/Uploads/" + FileUpload1.FileName);

    FileUpload1.SaveAs(filePath);
    lblResult.Text = "Your file was successfully uploaded!" + Path.GetFileName(FileUpload1.FileName).ToString();

    con.Open();

    SqlCommand cmd = new SqlCommand(
        "UPDATE tblSystem " +
        "SET sysSOW = '"+FileUpload1.FileName+"' " +
        "WHERE sysName = '"+txtSysName.Text+"'", con);

    cmd.ExecuteNonQuery();
    cmd.Dispose();
    con.Dispose();
    con.Close();

    FillSysGrid();
}
 
 
Comments
CHill60 5-Jul-22 14:10pm    
Your SQL command is vulnerable to a SQL Injection attack. You were using command parameters earlier; you should still be using them.
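
An added example, not part of the original thread or any poster's code: the same update written with command parameters, both as inline SQL and through the stored procedure, as the answers and the comment above recommend. The class and method names, the `connectionString` argument, the `@SysName` procedure parameter and the column sizes are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class SowStore
{
    // Assumed column sizes; match them to the real tblSystem schema.
    private const int SowSize = 260;
    private const int SysNameSize = 100;

    // Inline UPDATE: the statement from the workaround, with both
    // user-controlled values bound as parameters instead of concatenated.
    public static int UpdateInline(string connectionString, string sysName, string fileName)
    {
        const string sql = "UPDATE tblSystem SET sysSOW = @SOW WHERE sysName = @SysName";
        return Execute(connectionString, sql, CommandType.Text, sysName, fileName);
    }

    // Stored-procedure route. Assumes tblSystem_Upload_SOW has been changed
    // to accept @SOW and @SysName (hypothetical second parameter) and runs:
    //   UPDATE tblSystem SET sysSOW = @SOW WHERE sysName = @SysName;
    public static int UpdateViaProcedure(string connectionString, string sysName, string fileName)
    {
        return Execute(connectionString, "tblSystem_Upload_SOW",
                       CommandType.StoredProcedure, sysName, fileName);
    }

    // Returns the rows affected: 0 means no record matched sysName.
    // A procedure that uses SET NOCOUNT ON reports -1 instead.
    private static int Execute(string connectionString, string text, CommandType type,
                               string sysName, string fileName)
    {
        // using disposes (and closes) the connection and command even if
        // ExecuteNonQuery throws, replacing the manual Dispose/Close calls.
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(text, con) { CommandType = type })
        {
            // Typed, sized parameters: the values travel as data, so a quote
            // character in either one cannot alter the statement.
            cmd.Parameters.Add("@SOW", SqlDbType.NVarChar, SowSize).Value = fileName;
            cmd.Parameters.Add("@SysName", SqlDbType.NVarChar, SysNameSize).Value = sysName;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

From `UploadSOW()`, the call would be `SowStore.UpdateInline(connectionString, txtSysName.Text, FileUpload1.FileName)`, treating a return value of 0 as "no such system".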

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


