inserting data into SQL Database

djozy

Please,
I want to insert data into a SQL Server database. I know
this command:
SqlCommand myCommand= new SqlCommand("INSERT INTO table
(Column1, Column2) " +
"Values ('string', 1)", myConnection);
but how do I insert, let's say, a string from textbox1? Or a
datetime from textbox2?
Thank you
djozy
 
Brian M. Reisman

I'd recommend using the parameters collection rather than concatenating the SQL
statement into a string (which is susceptible to SQL injection exploits).
For example, using SqlDataAdapter wizard code, you would add the following
line:

SqlInsertCommand1.Parameters["@LastName"].Value = textBox1.Text;

I included some IDE generated code at the bottom of the email so you can see
how the above line relates to the SqlCommand as a whole.
--
Brian M. Reisman
MCAD, MCDBA, MCSD,
MCSE, MCT, OCA, NET+
My Book @ Amazon: http://www.amazon.com/exec/obidos/tg/detail/-/0782141617

this.sqlInsertCommand1.CommandText = @"INSERT INTO Employees(LastName,
FirstName, Title, TitleOfCourtesy, BirthDate, HireDate, Address, City,
Region, PostalCode, Country, HomePhone, Extension, Photo, Notes, ReportsTo,
PhotoPath) VALUES (@LastName, @Firstname, @Title, @TitleOfCourtesy,
@BirthDate, @HireDate, @address, @City, @Region, @PostalCode, @Country,
@HomePhone, @Extension, @Photo, @Notes, @ReportsTo, @PhotoPath); SELECT
EmployeeID, LastName, FirstName, Title, TitleOfCourtesy, BirthDate,
HireDate, Address, City, Region, PostalCode, Country, HomePhone, Extension,
Photo, Notes, ReportsTo, PhotoPath FROM Employees WHERE (EmployeeID =
@@IDENTITY)";

this.sqlInsertCommand1.Connection = this.sqlConnection2;

this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@LastName",
System.Data.SqlDbType.NVarChar, 20, "LastName"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Firstname",
System.Data.SqlDbType.NVarChar, 10, "FirstName"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Title", System.Data.SqlDbType.NVarChar,
30, "Title"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@TitleOfCourtesy",
System.Data.SqlDbType.NVarChar, 25, "TitleOfCourtesy"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@BirthDate",
System.Data.SqlDbType.DateTime, 8, "BirthDate"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@HireDate",
System.Data.SqlDbType.DateTime, 8, "HireDate"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@address",
System.Data.SqlDbType.NVarChar, 60, "Address"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@City", System.Data.SqlDbType.NVarChar,
15, "City"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Region",
System.Data.SqlDbType.NVarChar, 15, "Region"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@PostalCode",
System.Data.SqlDbType.NVarChar, 10, "PostalCode"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Country",
System.Data.SqlDbType.NVarChar, 15, "Country"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@HomePhone",
System.Data.SqlDbType.NVarChar, 24, "HomePhone"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Extension",
System.Data.SqlDbType.NVarChar, 4, "Extension"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Photo",
System.Data.SqlDbType.VarBinary, 2147483647, "Photo"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Notes", System.Data.SqlDbType.NVarChar,
1073741823, "Notes"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@ReportsTo", System.Data.SqlDbType.Int,
4, "ReportsTo"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@PhotoPath",
System.Data.SqlDbType.NVarChar, 255, "PhotoPath"));
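
Applied to the original question (a string from textBox1, a date from textBox2), here is an added example that is not part of either post. The table and column names and sizes are taken from the generated code above; the class and method names are hypothetical, and it assumes the remaining Employees columns allow NULL or have defaults.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class EmployeeInsert
{
    // Constant SQL text: user input never becomes part of this string.
    const string Sql =
        "INSERT INTO Employees (LastName, HireDate) VALUES (@LastName, @HireDate)";

    // lastNameText / hireDateText stand in for textBox1.Text / textBox2.Text.
    public static SqlCommand Build(SqlConnection conn, string lastNameText, string hireDateText)
    {
        // Parse the date on the client so the server receives a typed DateTime,
        // not free text it would have to interpret.
        if (!DateTime.TryParse(hireDateText, CultureInfo.CurrentCulture,
                               DateTimeStyles.None, out DateTime hireDate))
            throw new FormatException("HireDate is not a valid date.");

        var cmd = new SqlCommand(Sql, conn);
        // Explicit type and size, matching the parameter definitions in the post above.
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 20).Value = lastNameText;
        cmd.Parameters.Add("@HireDate", SqlDbType.DateTime).Value = hireDate;
        return cmd;
    }

    public static int Insert(string connectionString, string lastNameText, string hireDateText)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = Build(conn, lastNameText, hireDateText))
        {
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    static void Main()
    {
        // Constructed sample input containing SQL metacharacters; no connection is opened.
        using (var cmd = Build(null, "O'Brien'); --", "2004-03-15"))
        {
            Console.WriteLine(cmd.CommandText);                   // the constant text, unchanged
            Console.WriteLine(cmd.Parameters["@LastName"].Value); // carried as data only
            Console.WriteLine(cmd.Parameters["@HireDate"].Value);
        }
    }
}
```

Because the quote and comment characters travel in the parameter value, the command text sent to the server is identical for every input.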
 
