/// <summary>
/// Builds a <see cref="Parameter"/> from its parts and adds it to the collection.
/// </summary>
/// <param name="Name">The name of the parameter</param>
/// <param name="Val">The value of the parameter</param>
/// <param name="Type">The type of parameter you are adding</param>
/// <param name="Output">Determines whether the parameter is of type output</param>
public void Add(string Name, object Val, FieldType Type, bool Output)
{
    // Delegate to the Parameter overload; it is the one that inserts into the collection.
    Add(new Parameter(Name, Val, Type, Output));
}
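/// <summary>
/// Binds a parameter's value to a command as a true <see cref="SqlParameter"/>.
/// </summary>
/// <remarks>
/// Text values used to be spliced into <c>CommandText</c> with quote doubling. That made
/// the value part of the SQL text: a later substitution for another parameter name could
/// rewrite text inside a literal that had already been inserted, and a name that is a
/// prefix of another name was replaced inside the longer one. Every type is now sent
/// out-of-band, so <c>CommandText</c> is never modified.
/// Occurrences of the name that are not in a parameter position (for example inside a
/// quoted literal in the command text) are no longer substituted.
/// </remarks>
/// <param name="cmd">The command that receives the parameter</param>
/// <param name="param">The parameter whose value is bound to the command</param>
private void ReplaceParameter(SqlCommand cmd, Parameter param)
{
    switch (param.Type)
    {
        case ParameterCollection.FieldType.DateTime:
            // NOTE(review): the value is round-tripped through ToString()/DateTime.Parse, which
            // both use the current culture, and is then sent as a string truncated to whole seconds.
            DateTime d = DateTime.Parse(param.Value.ToString());
            string tmpDate = d.Year + "-" + PadNumber(d.Month) + "-" + PadNumber(d.Day) + "T" + PadNumber(d.Hour) + ":" + PadNumber(d.Minute) + ":" + PadNumber(d.Second);
            cmd.Parameters.Add(new SqlParameter(param.Name, tmpDate));
            break;

        case ParameterCollection.FieldType.DoubleByteText:
            // Bound counterpart of the former N'...' literal.
            SqlParameter wideText = new SqlParameter(param.Name, System.Data.SqlDbType.NVarChar);
            wideText.Value = param.Value.ToString();
            cmd.Parameters.Add(wideText);
            break;

        case ParameterCollection.FieldType.Numeric:
            cmd.Parameters.Add(new SqlParameter(param.Name, param.Value));
            break;

        default:
            // Bound counterpart of the former '...' literal: the value is still sent as its
            // ToString() text, typed as varchar.
            SqlParameter narrowText = new SqlParameter(param.Name, System.Data.SqlDbType.VarChar);
            narrowText.Value = param.Value.ToString();
            cmd.Parameters.Add(narrowText);
            break;
    }
}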
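/// <summary>
/// Adds a parameter to the collection, rejecting null entries and duplicate names.
/// </summary>
/// <param name="p">The parameter you wish to add</param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="p"/> is null</exception>
/// <exception cref="Exceptions.DuplicateParameterException">
/// Thrown when an existing entry has the same name as <paramref name="p"/>
/// </exception>
public void Add(Parameter p)
{
    // Without this guard a null could be stored while the collection is empty (the loop
    // below never runs), and every later Add would then fail when it reads this[i].Name.
    if (p == null)
    {
        throw new System.ArgumentNullException("p");
    }

    // Names are compared with ==, exactly as before.
    for (int i = 0; i < items.Count; i++)
    {
        if (this[i].Name == p.Name)
        {
            throw new Exceptions.DuplicateParameterException("Parementer already exists in collection\r\n\r\n" + p.Name);
        }
    }

    items.Add(p);
}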