0

I have this command but it keeps showing:

DROP TABLE [dbo].[@User]

Code:

void DropTable()
{
      using (Command = new SqlCommand(CommandString = "DROP TABLE [dbo].[@User]", ConnectionString));
      Command.Parameters.AddWithValue("@User", "TestUser");

      MessageBox.Show(Command.CommandText.ToString());
}

I checked the documentation which seems to be writen in the right way, I have restarted VS and rebuild the solution but keep getting the same error.

Any possible thought ?

Thanks in advance !

marc_s
  • 675,133
  • 158
  • 1,253
  • 1,388
MrValvis
  • 97
  • 1
  • 9
  • Also i forgot to mention that Command.Parameters["@User"].Value ="TestUser"; has the same result – MrValvis Jan 29 '20 at 21:06
  • 3
    You cannot use parameters for object identifiers. That's only for values. And [you should avoid `AddWithValue()`](https://www.dbdelta.com/addwithvalue-is-evil/). – sticky bit Jan 29 '20 at 21:13
  • What are you trying to achieve here? – Thailo Jan 29 '20 at 21:13
  • Originaly the code was using (SqlCommand DeleteRenterInfo = new SqlCommand(CommandString = @"DROP TABLE [dbo].[" + User + "] )", ConnectionString)) which was running fine , but its not really nice and has many flaws especialy for sql injection – MrValvis Jan 29 '20 at 21:16
  • Not that this is a terribly good idea, I think what you're trying to do is build a stored procedure that takes a table name and drops that table. Something like this https://stackoverflow.com/questions/22105121/how-to-take-table-name-as-an-input-parameter-to-the-stored-procedure – JP Alioto Jan 29 '20 at 21:17
  • Are you getting the value for the _user_ variable from user input? – Steve Jan 29 '20 at 21:26
  • @Steve No ,the programm get the all the values from select query (fillby), then user have only to select the desired user by clicking on him and the programm pass the value. In the code above I create a test variable to see if variable is passed inside the command string. – MrValvis Jan 29 '20 at 21:51

0 Answers0