Call a stored procedure with parameter in c#

Question

I'm able to delete, insert and update in my program and I try to do an insert by calling a created stored procedure from my database.

This button insert I made works well.

private void btnAdd_Click(object sender, EventArgs e)
{
        SqlConnection con = new SqlConnection(dc.Con);
        SqlCommand cmd = new SqlCommand("Command String", con);
        
        da.InsertCommand = new SqlCommand("INSERT INTO tblContacts VALUES (@FirstName, @LastName)", con);
        da.InsertCommand.Parameters.Add("@FirstName", SqlDbType.VarChar).Value = txtFirstName.Text;
        da.InsertCommand.Parameters.Add("@LastName", SqlDbType.VarChar).Value = txtLastName.Text;

        con.Open();
        da.InsertCommand.ExecuteNonQuery();
        con.Close();

        dt.Clear();
        da.Fill(dt);
    }

This is the start of the button that calls the procedure named sp_Add_contact to add a contact. The two parameters for sp_Add_contact(@FirstName,@LastName). I searched on google for some good examples but found nothing interesting.

private void button1_Click(object sender, EventArgs e)
{
        SqlConnection con = new SqlConnection(dc.Con);
        SqlCommand cmd = new SqlCommand("Command String", con);
        cmd.CommandType = CommandType.StoredProcedure;

        ???
        
        con.Open();
        da. ???.ExecuteNonQuery();
        con.Close();

        dt.Clear();
        da.Fill(dt);
    }

Just an extra bit of info - you should not name your application stored procedures with an sp_ prefix, like above with sp_Add_contact. the sp_ prefix is a system stored proc naming convention, that, when SQL sees it, will search through all system stored procedures first before any application or user space stored procs. As a matter of performance, if you care about that in your application, the sp_ prefix will degrade your response times. — Robert Achmann, Nov 25 '14 at 16:43

score 304 · Accepted Answer · answered Sep 24 '11 at 23:16

304

It's pretty much the same as running a query. In your original code you are creating a command object, putting it in the cmd variable, and never use it. Here, however, you will use that instead of da.InsertCommand.

Also, use a using for all disposable objects, so that you are sure that they are disposed properly:

private void button1_Click(object sender, EventArgs e) {
  using (SqlConnection con = new SqlConnection(dc.Con)) {
    using (SqlCommand cmd = new SqlCommand("sp_Add_contact", con)) {
      cmd.CommandType = CommandType.StoredProcedure;

      cmd.Parameters.Add("@FirstName", SqlDbType.VarChar).Value = txtFirstName.Text;
      cmd.Parameters.Add("@LastName", SqlDbType.VarChar).Value = txtLastName.Text;

      con.Open();
      cmd.ExecuteNonQuery();
    }
  }
}

answered Sep 24 '11 at 23:16

Guffa

687,336
108
737
1,005

9

but if this procedure returns data, how can I catch it in C#? – MA9H Apr 16 '13 at 15:16
10

@M009: Then you use `ExecuteReader` or `ExecuteScalar` to call it. – Guffa Apr 16 '13 at 18:36
Actually I figured it out, first you have to use the "cmd" to declare and initialize a SqlDataAdapter as: [SqlDataAdapter da = new SqlDataAdapter(cmd);], then [da.SelectCommand = cmd;], and finally [da.Fill(ds);] where "ds" is a dataset that you have previously declared.. Then you can use this dataset to read data anyway you desire :) – MA9H Apr 17 '13 at 15:46
2

@M009: Yes, that is another way to do the same thing. The data adapter uses `ExecuteReader`. – Guffa Apr 17 '13 at 21:35
@volearix: Regarding your suggested edit; There is no "standard C# bracketing format", and all brackets that are not strictly needed should not be removed. – Guffa Nov 13 '14 at 17:19
Just an extra bit of info - you should not name your application stored procedures with an sp_ prefix, like above with sp_Add_contact. the sp_ prefix is a system stored proc naming convention, that, when SQL sees it, will search through all system stored procedures first before any application or user space stored procs. As a matter of performance, if you care about that in your application, the sp_ prefix will degrade your response times. – Robert Achmann Nov 25 '14 at 03:23
@RobertAchmann: I am vwry well aware of that, but didn't think to comment on it at the time. You should direct that comment to the OP, as thats where the procedure name comes from. – Guffa Nov 25 '14 at 09:08
@Guffa - 'above' should have been 'above in OP' - I didn't mean to direct this at you... This was the accepted answer, so I posted my comment here - sorry, I'll put this under the OP next time... :) – Robert Achmann Nov 25 '14 at 16:42
does the parameters' case matter? are `@FirstName` and `@FIRSTNAME` the same? – Dylan Czenski May 06 '16 at 15:33
1

@DylanChen: That depends on the database settings. The default setting is that identifiers are not case sensetive. – Guffa May 10 '16 at 08:37
@Guffa do you mean the settings in SQL Server/SQL Developer, or in Visual Studio's Server Explorer? – Dylan Czenski May 11 '16 at 14:55
1

@DylanChen: It's the collation setting of the database that determines whether identifiers are case sensetive. – Guffa May 12 '16 at 14:22
Hello all, this answer just helped me out. My only question is: does writing your stored procedure name as a parameter in the SqlCommand constructor automatically resolve your stored procedure in the DB without having to tell the C# app what it is somehow? – Jun 02 '17 at 23:04

score 44 · Answer 2 · edited Sep 11 '19 at 18:32

44

You have to add parameters since it is needed for the SP to execute

using (SqlConnection con = new SqlConnection(dc.Con))
{
    using (SqlCommand cmd = new SqlCommand("SP_ADD", con))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@FirstName", txtfirstname.Text);
        cmd.Parameters.AddWithValue("@LastName", txtlastname.Text);
        con.Open();
        cmd.ExecuteNonQuery();
    }            
}

edited Sep 11 '19 at 18:32

Community

1
1

answered Sep 24 '11 at 23:19

Ravi Gadag

15,735
5
57
83

10

AddWithValue is a bad idea; SQL Server doesn't always use the correct length for nvarchar or varchar, causing an implicit conversion to occur. It's better to specify the parameter's length explicitly, and then add the value separately using `parameter.Value = txtfirstname`. – George Stocker Nov 18 '14 at 13:31
I'm curious, what's an example of such incorrect "implicit conversion"? (One can learn much by seeing things fail.) – FloverOwe Mar 11 '22 at 23:47

Rahul Nikate · Answer 3 · 2021-02-19T08:50:19.133

18

cmd.Parameters.Add(String parameterName, Object value) is deprecated now. Instead use cmd.Parameters.AddWithValue(String parameterName, Object value)

Add(String parameterName, Object value) has been deprecated. Use AddWithValue(String parameterName, Object value)

There is no difference in terms of functionality. The reason they deprecated the cmd.Parameters.Add(String parameterName, Object value) in favor of AddWithValue(String parameterName, Object value) is to give more clarity. Here is the MSDN reference for the same

private void button1_Click(object sender, EventArgs e) {
  using (SqlConnection con = new SqlConnection(dc.Con)) {
    using (SqlCommand cmd = new SqlCommand("sp_Add_contact", con)) {
      cmd.CommandType = CommandType.StoredProcedure;

      cmd.Parameters.AddWithValue("@FirstName", SqlDbType.VarChar).Value = txtFirstName.Text;
      cmd.Parameters.AddWithValue("@LastName", SqlDbType.VarChar).Value = txtLastName.Text;

      con.Open();
      cmd.ExecuteNonQuery();
    }
  }
}

edited Feb 19 '21 at 08:50

answered Apr 10 '15 at 06:15

Rahul Nikate

6,192
5
42
54

The comment about Add being deprecated is valid, and invalidates the accepted answer. Quote: "AddWithValue replaces the Add method .. that takes a string and an object was deprecated because of possible ambiguity with the SqlParameterCollection.Add overload... Use AddWithValue whenever you want to add a parameter by specifying its name and value." https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparametercollection.addwithvalue%28v=vs.110%29.aspx Corrected syntax of example by @RahulNikate. – TonyG May 20 '15 at 16:52
7

@TonyG: that's not true, the accepted answer uses the preferred overload of `Add` which is also not deprecated. `AddWithValue` is also not the best way since it infers the type of the parameter from the paramater value. This often leads to bad execution plans or incorrect conversions. It also doesn't validate the parameter in the first place(f.e. type if `Datetime` but you pass a `String`). You can see [here](https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparametercollection.add(v=vs.110).aspx) that only `Add` which takes an `Object` as second argument is deprecated. – Tim Schmelter May 21 '15 at 07:27
2

You're absolutely right, @TimSchmelter. My reading of the text was flawed. Thanks for the correction. I'm writing some new code where I'll be using Add(). And I'll change my upvote on this Answer to a downvote, as Rahul Nikate was as mistaken as I was. – TonyG May 21 '15 at 15:09
@TonyG My answer is specific about `Add(String parameterName, Object value)` and not about all overloads of Add() method. So It's not fair to downvote my answer. Thank you – Rahul Nikate May 21 '15 at 15:19

score 3 · Answer 4 · edited Nov 26 '19 at 17:38

As an alternative, I have a library that makes it easy to work with procs: https://www.nuget.org/packages/SprocMapper/

SqlServerAccess sqlAccess = new SqlServerAccess("your connection string");
    sqlAccess.Procedure()
         .AddSqlParameter("@FirstName", SqlDbType.VarChar, txtFirstName.Text)
         .AddSqlParameter("@FirstName", SqlDbType.VarChar, txtLastName.Text)
         .ExecuteNonQuery("StoredProcedureName");

score 2 · Answer 5 · edited Oct 03 '16 at 17:01

2

public void myfunction(){
        try
        {
            sqlcon.Open();
            SqlCommand cmd = new SqlCommand("sp_laba", sqlcon);
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.ExecuteNonQuery();
        }
        catch(Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        finally
        {
            sqlcon.Close();
        }
}

edited Oct 03 '16 at 17:01

hveiga

6,725
7
54
78

answered Oct 03 '16 at 16:24

user6916720

31
1

Parameter is missing, but IMHO best answer, if you include `command.parameters.AddSqlParameter("@FirstName", SqlDbType.VarChar).Value ="myText" ` and `if (connection.State != ConnectionState.Closed)` `connection.Close();` . – Tzwenni Aug 04 '21 at 03:21

score 1 · Answer 6 · answered Feb 21 '17 at 00:56

The .NET Data Providers consist of a number of classes used to connect to a data source, execute commands, and return recordsets. The Command Object in ADO.NET provides a number of Execute methods that can be used to perform the SQL queries in a variety of fashions.

A stored procedure is a pre-compiled executable object that contains one or more SQL statements. In many cases stored procedures accept input parameters and return multiple values . Parameter values can be supplied if a stored procedure is written to accept them. A sample stored procedure with accepting input parameter is given below :

  CREATE PROCEDURE SPCOUNTRY
  @COUNTRY VARCHAR(20)
  AS
  SELECT PUB_NAME FROM publishers WHERE COUNTRY = @COUNTRY
  GO

The above stored procedure is accepting a country name (@COUNTRY VARCHAR(20)) as parameter and return all the publishers from the input country. Once the CommandType is set to StoredProcedure, you can use the Parameters collection to define parameters.

  command.CommandType = CommandType.StoredProcedure;
  param = new SqlParameter("@COUNTRY", "Germany");
  param.Direction = ParameterDirection.Input;
  param.DbType = DbType.String;
  command.Parameters.Add(param);

The above code passing country parameter to the stored procedure from C# application.

using System;
using System.Data;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            string connetionString = null;
            SqlConnection connection ;
            SqlDataAdapter adapter ;
            SqlCommand command = new SqlCommand();
            SqlParameter param ;
            DataSet ds = new DataSet();

            int i = 0;

            connetionString = "Data Source=servername;Initial Catalog=PUBS;User ID=sa;Password=yourpassword";
            connection = new SqlConnection(connetionString);

            connection.Open();
            command.Connection = connection;
            command.CommandType = CommandType.StoredProcedure;
            command.CommandText = "SPCOUNTRY";

            param = new SqlParameter("@COUNTRY", "Germany");
            param.Direction = ParameterDirection.Input;
            param.DbType = DbType.String;
            command.Parameters.Add(param);

            adapter = new SqlDataAdapter(command);
            adapter.Fill(ds);

            for (i = 0; i <= ds.Tables[0].Rows.Count - 1; i++)
            {
                MessageBox.Show (ds.Tables[0].Rows[i][0].ToString ());
            }

            connection.Close();
        }
    }
}

Your answer does not use [using](https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/using-statement) blocks which is a best practice. Also, there should be a try catch block to deal with any exceptions. — Trisped, Aug 16 '18 at 17:42

score 1 · Answer 7 · answered Oct 06 '20 at 06:35

Here is my technique I'd like to share. Works well so long as your clr property types are sql equivalent types eg. bool -> bit, long -> bigint, string -> nchar/char/varchar/nvarchar, decimal -> money

public void SaveTransaction(Transaction transaction) 
{
    using (var con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConString"].ConnectionString))
    {
        using (var cmd = new SqlCommand("spAddTransaction", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            foreach (var prop in transaction.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance))
                cmd.Parameters.AddWithValue("@" + prop.Name, prop.GetValue(transaction, null));
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }
}

estinamir · Answer 8 · 2023-08-07T16:15:43.137

A reusable store procedure calling method:

public static DataTable GetValFromStoreProc(SqlParameter[] parameters, string storedProcName, SqlConnection conn)
{
    DataTable dt = new DataTable();
    using (DataTable MyDT = new DataTable())
    {
        try
        {
            using (SqlConnection dbconn = conn)
            {
                dbconn.Open();
                try
                {
                    using (SqlDataReader MyDR = DB.ExecuteStoredProcReader(storedProcName, parameters, dbconn))
                    {
                        if (MyDR != null)
                        {                                                                      
                            dt.Load(MyDR);                                                                        
                        }
                    }
                }
                catch (Exception ex)
                {
                    string aaa = ex.Message;
                }
            }
            return dt;
        }
        catch (Exception ex)
        {
            string aaaa = ex.Message;
            return dt;
        }
    }
}

//Usage
var dt = AppLogic.GetValFromStoreProc(new[] { new SqlParameter("SKU", VendorFullSKU) }, "xtr_CheckBackorderedForATP", DB.dbConn());                
DataTableReader dataReader = dt.CreateDataReader();
var quan = -1;
if (dataReader != null)
{
    //only first top record
    if (dataReader.Read())
    {
        quan = dataReader.GetInt32(dataReader.GetOrdinal("Quan"));
    }
}

Call a stored procedure with parameter in c#

8 Answers8

Linked

Related