Parametrized hell

I was trying to parametrize the table name and field name as there were different tables but similar query. The code looked like below.

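```csharp
// Does not work: a parameter can only stand in for a value, not a table or column name.
string sql = @"SELECT * FROM @table_name;";
command.Parameters.Add(new SqlParameter("@table_name", System.Data.SqlDbType.NVarChar));
command.Parameters["@table_name"].Value = "tableName";
```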

The tricky thing is that when you try to parametrize table names or field names, no error or exception is caught. It just won’t output anything while the program is still running, which is very weird and confusing. After spending several hours exploring and checking my other existing code, I found this problem and realized I’d better not do this.

Technically you can implement this with a dynamic SQL query (https://stackoverflow.com/questions/2838490/a-table-name-as-a-variable). But I was not using it in a SQL file; it was just part of my C# code. And I didn’t want to spend too much time on this. (https://stackoverflow.com/questions/3330343/c-sharp-sqlcommand-cannot-use-parameters-for-column-names-how-to-resolve)

I hardcoded the SQL query to solve this, as there were only two different tables.
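
Hardcoding generalizes to an allowlist: the caller picks a key, only identifiers written in the source ever reach the SQL text, and values still travel as parameters. This is an added example, not code from the original post; the table names, the `Id` column, the helper names and the `Microsoft.Data.SqlClient` namespace are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using Microsoft.Data.SqlClient; // assumption: System.Data.SqlClient on older projects

static class TableQueries
{
    // Hypothetical table names. Only identifiers listed here can reach the SQL text.
    private static readonly Dictionary<string, string> AllowedTables =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["orders"] = "[dbo].[Orders]",
            ["archive"] = "[dbo].[OrdersArchive]",
        };

    // The identifier comes from the allowlist; the value is still a parameter.
    public static SqlCommand BuildSelectById(string tableKey, int id)
    {
        if (tableKey == null || !AllowedTables.TryGetValue(tableKey, out string table))
            throw new ArgumentException("Unknown table key.", nameof(tableKey));

        // "Id" is an assumed column name shared by both tables.
        var command = new SqlCommand($"SELECT * FROM {table} WHERE Id = @id;");
        command.Parameters.Add(new SqlParameter("@id", SqlDbType.Int) { Value = id });
        return command;
    }
}

static class Program
{
    static void Main()
    {
        // No connection is opened; this prints the command text that would be sent.
        using (SqlCommand ok = TableQueries.BuildSelectById("archive", 42))
            Console.WriteLine(ok.CommandText);

        try
        {
            // Constructed hostile input: rejected before any SQL text is built.
            TableQueries.BuildSelectById("Orders; DROP TABLE Orders", 1);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```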