1: /// <summary>
2: /// Execute the parameterized query
3: /// </summary>
4: /// <param name="conn">open and active DbConnection</param>
5: /// <param name="trans">Active DbTransaction</param>
6: /// <param name="parameterizedSQL">the parameterized SQL</param>
7: /// <param name="paramList">List of OledDbParameter</param>
8: /// <returns>DataTable containing the results</returns>
9: public static void RunParameterizedInsertUpdate(DbConnection conn, DbTransaction trans, String parameterizedSQL, List<DbParameter> paramList)
10: {
11: //create the db command and set the parameterized SQL as a property
12: DbCommand command = conn.CreateCommand();
13: if(trans != null)
14: {
15: command.Transaction = trans;
16: }
17: //hack attack! By default, Oracle requires its parameters to be placed into the command
18: //in the order the parameters appear in the parameterized SQL. Little hackery here
19: //to set the Oracle Command to bind by name
20: if (command is Oracle.DataAccess.Client.OracleCommand)
21: {
22: OracleCommand oraCmd = (OracleCommand) command;
23: oraCmd.BindByName = true;
24: command = oraCmd;
25: }
26: command.CommandText = parameterizedSQL;
27: command.CommandType = CommandType.Text;
28:
29: //loop through the params and add them to the command
30: foreach (DbParameter parameter in paramList)
31: {
32: command.Parameters.Add(parameter);
33: }
34: try
35: {
36: command.Prepare();
37: command.ExecuteNonQuery();
38: }
39: catch (Exception ex)
40: {
41: command.Dispose();
42: throw;
43: }
44: }