alter proc SP_SelectAll @SQL varchar (1000) output as begin select person_ID,FullName,Email,Date_OF_Birth,Age,GenderValue,City, [DepartementName] ,[location],[DepartementHead] ,Salary from Person join PersonGender on Person.Gender_ID = PersonGender.Gender_ID join Departements on Person.DepartementID = Departements.Dpartement_ID join DatesOfBirth on Person.dateOfBirthID = DatesOfBirth.Date_ID end
Msg 156, Level 15, State 1, Procedure SP_GetEmployeeByGender, Line 7 [Batch Start Line 7] Incorrect syntax near the keyword 'select'.<pre>
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Configuration; using System.Data; using System.Data.SqlClient; namespace Learn_Ado { public partial class WebForm12 : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Button1_Click(object sender, EventArgs e) { string cs = ConfigurationManager.ConnectionStrings["MSSQLDATABASE"].ConnectionString; using(SqlConnection con = new SqlConnection(cs)) { con.Open(); SqlDataAdapter da = new SqlDataAdapter("select * from tblStudents where Name like @Name;", con); da.SelectCommand.Parameters.AddWithValue("@Name",TextBox1.Text); DataSet ds = new DataSet(); da.Fill(ds); GridView1.DataSource = ds; GridView1.DataBind(); } } } } <pre>
const string CmdName = "selectSttment"; // Make it "const" so you can't inject values. int IDtoFind = @ParamName1; using (SqlConnection conn = new SqlConnection("...")) using (SqlCommand cmd = new SqlCommand(CmdName, conn)) { cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.AddWithValue("@ParamName1", IDtoFind); conn.Open(); using (SqlDataReader reader = cmd.ExecuteReader()) { while (reader.Read()) { ... } } } <pre>