Insert Command With Parameters

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

All

If I have a SQL statmenet as illistarted below what is the best way to
append parameters to the command.

Dim sql As Text.StringBuilder
sql.Append("INSERT Table ")
sql.Append("(col1, col2) ")
sql.Append("?, ?")

Thanks
 
David said:
If I have a SQL statmenet as illistarted below what is the best way to
append parameters to the command.

Dim sql As Text.StringBuilder
sql.Append("INSERT Table ")
sql.Append("(col1, col2) ")
sql.Append("?, ?")
Click to expand...

Sample (look for "INSERT INTO"):

..NET Framework Class Library -- 'SqlDataAdapter' Constructor ('SqlCommand')
<URL:http://msdn.microsoft.com/library/e...ataSqlClientSqlDataAdapterClassctorTopic2.asp>

The sample shows how to use a parameterized command. This approach is
recommended over building up the whole command string by hand because it
protects from SQL injection.
 
Herfried,

You show SQL parameters. The parameters are the only thing that I know which
are different between SQLClient and OleDb.

Showed by the OP is an OleDb SQL Insert string.

That the OP ask this is very good, because it is not that well described on
MSDN.

Cor
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Different results with the same query?!? 4
Transaction Help 2
StringBuilder and memory management 2
Use of SQL parameters via ODBC drivers 2
How to get the value of counter field 7
Best way of inserting 700,000 records 10
a better way for user searches 4
INSERT statement using variables 11

Back
Top