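I'd recommend using the Parameters collection rather than concatenating the
SQL statement into a string (which is susceptible to SQL injection exploits).
Parameter values are passed to the server separately from the command text,
so the input cannot change the structure of the statement.
For example, using the SqlDataAdapter wizard code, you would add the
following line: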
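// Bind the text box content as the value of @LastName. It reaches the server as
// parameter data and is never spliced into CommandText.
// The identifier is spelled as in the generated code (lower-case 's'); C# is case-sensitive.
sqlInsertCommand1.Parameters["@LastName"].Value = textBox1.Text;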
I included some IDE-generated code at the bottom of the email so you can see
how the above line relates to the SqlCommand as a whole.
--
Brian M. Reisman
MCAD, MCDBA, MCSD,
MCSE, MCT, OCA, NET+
My Book @ Amazon:
http://www.amazon.com/exec/obidos/tg/detail/-/0782141617
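// INSERT command for the Employees table, as generated by the SqlDataAdapter wizard.
// Every column value is supplied through a named @parameter; nothing user-entered is
// concatenated into CommandText, so input cannot alter the statement's structure.
//
// The trailing SELECT reads the newly inserted row back. SCOPE_IDENTITY() is used in
// place of the generated @@IDENTITY: @@IDENTITY is session-wide and can return an
// identity value produced by a trigger on another table instead of the Employees row
// inserted by this batch.
this.sqlInsertCommand1.CommandText = @"INSERT INTO Employees(LastName,
FirstName, Title, TitleOfCourtesy, BirthDate, HireDate, Address, City,
Region, PostalCode, Country, HomePhone, Extension, Photo, Notes, ReportsTo,
PhotoPath) VALUES (@LastName,
@Firstname, @Title, @TitleOfCourtesy,
@BirthDate, @HireDate,
@address, @City, @Region, @PostalCode, @Country,
@HomePhone, @Extension, @Photo,
@Notes, @ReportsTo, @PhotoPath); SELECT
EmployeeID, LastName, FirstName, Title, TitleOfCourtesy, BirthDate,
HireDate, Address, City, Region, PostalCode, Country, HomePhone, Extension,
Photo, Notes, ReportsTo, PhotoPath FROM Employees WHERE (EmployeeID =
SCOPE_IDENTITY())";
this.sqlInsertCommand1.Connection = this.sqlConnection2;

// One SqlParameter per placeholder: (name, SQL type, size, source column).
// The explicit SqlDbType fixes how each value is sent, independent of what the
// caller assigns to .Value. The size is the maximum amount of data transmitted for
// variable-length types; longer string values are expected to be truncated to it
// rather than rejected, so validate lengths before binding if truncation matters.
// The source column names the DataSet column the adapter reads the value from.
//
// Parameter names must be single-line string literals. "@Firstname", "@address"
// and "@Notes" were split across lines in the posted listing, which does not
// compile; they are restored here with their spelling unchanged.
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@LastName", System.Data.SqlDbType.NVarChar, 20, "LastName"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Firstname", System.Data.SqlDbType.NVarChar, 10, "FirstName"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Title", System.Data.SqlDbType.NVarChar, 30, "Title"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@TitleOfCourtesy", System.Data.SqlDbType.NVarChar, 25, "TitleOfCourtesy"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@BirthDate", System.Data.SqlDbType.DateTime, 8, "BirthDate"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@HireDate", System.Data.SqlDbType.DateTime, 8, "HireDate"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@address", System.Data.SqlDbType.NVarChar, 60, "Address"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@City", System.Data.SqlDbType.NVarChar, 15, "City"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Region", System.Data.SqlDbType.NVarChar, 15, "Region"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@PostalCode", System.Data.SqlDbType.NVarChar, 10, "PostalCode"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Country", System.Data.SqlDbType.NVarChar, 15, "Country"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@HomePhone", System.Data.SqlDbType.NVarChar, 24, "HomePhone"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Extension", System.Data.SqlDbType.NVarChar, 4, "Extension"));
// Photo and Notes carry the generated maximum sizes for large binary / text columns.
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Photo", System.Data.SqlDbType.VarBinary, 2147483647, "Photo"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@Notes", System.Data.SqlDbType.NVarChar, 1073741823, "Notes"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@ReportsTo", System.Data.SqlDbType.Int, 4, "ReportsTo"));
this.sqlInsertCommand1.Parameters.Add(
    new System.Data.SqlClient.SqlParameter("@PhotoPath", System.Data.SqlDbType.NVarChar, 255, "PhotoPath"));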