You will not be able to change the column name by SqlCommand, because the parameters only serve to add values.
You need to do this before creating the command by changing the original SQL:
```csharp
using System.Data.SqlClient;

var valorTipo = "valor do tipo";
var nomeDaColuna = "NomeColuna";
// The column name is spliced into the SQL text; only the value is a parameter.
var sql = string.Format(@"
SELECT IDLayout, Nome, {0}, TipoProduto
FROM ProdutoLayout
WHERE (TipoProduto = @tipo) AND ({0} = 1)
", nomeDaColuna);
var command = new SqlCommand(sql);
command.Parameters.AddWithValue("@tipo", valorTipo);
```
I hope that the name of this column comes from a reliable source, because this will be a point of SQL injection and it will have to be handled if that is the case.
A Parameter is not allowed in this Location. Ensure that the '@' Sign is in a Valid Location or that Parameters are Valid at all in this SQL statement. I get this error this way.
– user6018
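Added example, not part of the answer or comment above: one way to handle the injection point the answer mentions is to resolve the requested column against a fixed allowlist before it is formatted into the SQL text. The `LayoutQuery` class, the `Build` method and the `OutraColuna` entry are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class LayoutQuery
{
    // Assumed allowlist, keyed case-insensitively, mapping caller input to the
    // canonical column name. "OutraColuna" is a hypothetical second flag column.
    static readonly Dictionary<string, string> AllowedColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "NomeColuna", "NomeColuna" },
            { "OutraColuna", "OutraColuna" },
        };

    public static SqlCommand Build(string nomeDaColuna, string valorTipo)
    {
        // Only a name found in the allowlist ever reaches the SQL text.
        if (nomeDaColuna == null || !AllowedColumns.TryGetValue(nomeDaColuna, out string coluna))
            throw new ArgumentException("Column is not allowed.", nameof(nomeDaColuna));

        // Bracket-quote the identifier as a second layer (']' is doubled).
        string quoted = "[" + coluna.Replace("]", "]]") + "]";

        string sql = string.Format(@"
SELECT IDLayout, Nome, {0}, TipoProduto
FROM ProdutoLayout
WHERE (TipoProduto = @tipo) AND ({0} = 1)", quoted);

        var command = new SqlCommand(sql);
        // The value still travels as a parameter, never as SQL text.
        command.Parameters.AddWithValue("@tipo", valorTipo);
        return command;
    }

    static void Main()
    {
        Console.WriteLine(Build("nomecoluna", "valor do tipo").CommandText);
        try
        {
            // Constructed untrusted input: not in the allowlist, so it is rejected.
            Build("NomeColuna) OR (1", "valor do tipo");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```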