Trying to parameterize the value of TOP in my sql statement.
SELECT TOP @topparam * from table1
command.Parameters.Add("@topparam",SqlDbType.VarChar, 10).Value = somevalue.ToString();
This doesn't seem to work. Anyone have any suggestions?
Just to clarify, I don't want to use stored procedures.
In SQL Server 2005 and above, you can do this:
SELECT TOP (@topparam) * from table1
You need to have at least SQL Server 2005. This code works fine in 2005/8 for example ...
DECLARE @iNum INT
SET @iNum = 10
SELECT TOP (@iNum) TableColumnID
FROM TableName
If you have SQL Server 2000, give this a try ...
CREATE PROCEDURE TopNRecords
@intTop INTEGER
AS
SET ROWCOUNT @intTop
SELECT * FROM SomeTable
SET ROWCOUNT 0
GO
You could write an inline query:
EXEC 'SELECT TOP ' + @topparam + ' * FROM ... '
Parse it as an int and that will prevent a SQL injection attack.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叛逆 的文章《C# SQL Top as parameter》','https://www.manongdao.com/article-237121.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}