Menu
In a C# application, I'm building a query by creating a query string with parameters, then to the command adding the parameters and their values. For example:
string query = "UPDATE USERS u SET u.username = @PARM_USERNAME " +
"WHERE u.id = @PARM_USERID ";
command.Parameters.AddWithValue("@PARM_USERNAME", user.username);
command.Parameters.AddWithValue("@PARM_USERID", user.id);
command.Connection.Open();
int res = command.ExecuteNonQuery();
It would be beneficial to see the query with parameters applied, is this doable in C#/Visual Studio? I can check the command.CommandText, but it's only showing me the same content as the query above, with the parameter placeholders there. If it helps, this is against MySQL.
311
A parameter query is one of the simplest and most useful advanced queries you can create. It allows you to create a query that can be updated easily to reflect a new search term. When you open a parameter query, Access will prompt you for a search term and then show you query results that reflect your search.
Parameterized SQL queries allow you to place parameters in an SQL query instead of a constant value. A parameter takes a value only when the query is executed, which allows the query to be reused with different values and for different purposes.
SQL queries with parameters, also known as SQL templates, are a flexible and efficient solution for repetitive data reporting requirements, for instance allowing users to easily execute complex join statements with multiple sets of values.
If you want to see the query with parameters applied:
string tmp = command.CommandText.ToString();
foreach (SqlParameter p in cmd.Parameters) {
tmp = tmp.Replace('@' + p.ParameterName.ToString(),"'" + p.Value.ToString() + "'");
}
tmp will then hold the query with the parameters applied. Each parameter will be surrounded by single quotes.
Of course, it is NOT safe to execute. I use it for debugging purposes.
194
There's no guarantee that there is such a thing as "the query with the parameters applied". I would hope that a driver would simply send down the command as SQL and the parameters in an appropriate form to represent each value. Why go to the bother of escaping values etc, only for the query processor to unescape them and parse them at the other side? It's more efficient and less risky to just pass the data in a binary format of some description.
You should regard it as some code (the SQL) which uses some data (the parameters) and keep the two concepts very separate in your mind. If you need to log what's going on, I would log it as the parameterized SQL and the parameter values separately.
38
The parameters remain separate all the way to the server, so the query string you see is what actually goes to the server, independently from the parameters. So I think you need to deal more directly with understanding how parameterized queries work rather than trying to see what the query would look like with the parameters in place. You can use SQL trace to see the query come in. The parameters will still be separate, but it will show you the values.
My experience is with SQL Server, so I'm not sure how applicable this is to MySQL.
28
Not sure why you need this, but if it's for debugging purposes you can always turn on the global log on your local mysql database machine to see the query sent to the database (you don't want to turn it on on a production machine though - it might slow it down significantly).
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
