
How do I validate an SQL query before executing it using C#


I doubt if you should do this:

  • what if XYZ is not a table, but a view, materialized view, stored procedure (depends on RDBMS) which returns cursor?
  • what if XYZ is a table, but the user has no permission (grant) to read it?
  • what if the user has no permission to read, say, the A2 field?

There are other cases which should be taken into account:

  • the query can be re-written (e.g. in case of Oracle via FGA - Fine Grain Audit)
  • XYZ can be a synonym for whatever, e.g. a dblink to a remote table on Hadoop, while this Hadoop is temporarily out of service

So I suggest executing the query without any preliminary check, but parsing and explaining the exception thrown, if any.


A very suitable way is to execute the code in MS SQL and let MS SQL figure out the errors.

    StringBuilder query = new StringBuilder();
    query.Append("BEGIN \n");
    query.Append("BEGIN TRY \n");
    query.Append("    -- Table does not exist; object name resolution   \n");
    query.Append("    -- error not caught.   \n");
    query.Append("    --Append the variable which holds your sql query \n");
    query.Append("    --For eg.: SELECT * FROM NonexistentTable;   \n");
    query.Append("    END TRY \n");
    query.Append("    BEGIN CATCH \n");
    query.Append("      SELECT \n");
    query.Append("        ERROR_NUMBER() AS ErrorNumber \n");
    query.Append("       ,ERROR_MESSAGE() AS ErrorMessage; \n");
    query.Append("    END CATCH \n");
    query.Append("END");

Execute the query using ExecuteScalar() of SqlCommand.

SQL Server will return the exact errors for the query submitted.


So now, before executing the query, I need to check whether A1, A2 and A3 exist in the table XYZ or not.

If you want to check if the values exist in the table, you have to query the table. Without executing the query you cannot find out if the value exists in the table.

If you are working in SQL Server (for example), then you can make use of the IF EXISTS clause like

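    IF EXISTS (
        SELECT 1
        FROM sys.columns
        WHERE Name IN ('A1', 'A2', 'A3')
          AND Object_ID = Object_ID(N'XYZ')
        HAVING COUNT(*) = 3   -- true only when all three columns are present
    )
    BEGIN
        PRINT 'A1, A2 and A3 exist in XYZ';   -- placeholder; BEGIN...END needs a statement
    END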
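
The catalog check and the "execute and explain the exception" advice from the answers above can be combined, as in this added example, which is not code from any of the answers. The names `SafeSelect`, `MissingColumns`, `BuildSelect` and `Run` are hypothetical; it assumes the Microsoft.Data.SqlClient package, a caller-supplied connection string and a single-part table name in the default schema.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Data.SqlClient; // assumption: System.Data.SqlClient has the same types

static class SafeSelect
{
    // Columns that were requested but are not in the catalog (exact-case match).
    public static List<string> MissingColumns(SqlConnection conn, string table, IReadOnlyList<string> columns)
    {
        var found = new HashSet<string>();
        using var cmd = new SqlCommand(
            "SELECT name FROM sys.columns WHERE object_id = OBJECT_ID(@table)", conn);
        cmd.Parameters.AddWithValue("@table", table); // sent as data, never as SQL text
        using (var reader = cmd.ExecuteReader())
            while (reader.Read()) found.Add(reader.GetString(0));
        return columns.Where(c => !found.Contains(c)).ToList();
    }

    // Identifiers cannot be parameters, so bracket-quote them and double any ']'.
    static string Quote(string id) => "[" + id.Replace("]", "]]") + "]";

    public static string BuildSelect(SqlConnection conn, string table, IReadOnlyList<string> columns)
    {
        var missing = MissingColumns(conn, table, columns);
        if (missing.Count > 0)
            throw new ArgumentException("Unknown column(s) on " + table + ": " + string.Join(", ", missing));
        return "SELECT " + string.Join(", ", columns.Select(Quote)) + " FROM " + Quote(table);
    }

    public static void Run(string connectionString)
    {
        using var conn = new SqlConnection(connectionString);
        conn.Open();
        try
        {
            string sql = BuildSelect(conn, "XYZ", new[] { "A1", "A2", "A3" });
            using var cmd = new SqlCommand(sql, conn);
            using var reader = cmd.ExecuteReader();
            while (reader.Read()) { /* consume rows */ }
        }
        catch (SqlException ex)
        {
            // The pre-check does not cover grants, rewritten queries or unreachable synonyms.
            foreach (SqlError e in ex.Errors)
                Console.Error.WriteLine($"SQL error {e.Number}: {e.Message}");
        }
    }
}
```

Only names that matched the catalog are concatenated into the statement, so a column list taken from user input cannot carry SQL text into the query.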