passing Parameters

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

ok lets say I use the insertcommand in ado.net to insert a string from the
info the user rights in a textbox.
The textbox name is txtName.text do I use ('" +txtname.text +"'); or do I
use a parameter and if so how would I change ('" +txtname.text +"'); to a
parameter
Thanks
 
freddy said:
ok lets say I use the insertcommand in ado.net to insert a string from the
info the user rights in a textbox.
The textbox name is txtName.text do I use ('" +txtname.text +"'); or do I
use a parameter and if so how would I change ('" +txtname.text +"'); to a
parameter

*Always* use a parameter - that way you don't need to worry about SQL
injection attacks and things like the right format for dates.

As for how you'd do it - I suggest you read the examples in the
SqlParameter and related classes.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top