passing Parameters

[Guest]

ok lets say I use the insertcommand in ado.net to insert a string from the
info the user rights in a textbox.
The textbox name is txtName.text do I use ('" +txtname.text +"'); or do I
use a parameter and if so how would I change ('" +txtname.text +"'); to a
parameter
Thanks

 

[Jon Skeet [C# MVP]]

ok lets say I use the insertcommand in ado.net to insert a string from the
info the user rights in a textbox.
The textbox name is txtName.text do I use ('" +txtname.text +"'); or do I
use a parameter and if so how would I change ('" +txtname.text +"'); to a
parameter

*Always* use a parameter - that way you don't need to worry about SQL
injection attacks and things like the right format for dates.

As for how you'd do it - I suggest you read the examples in the
SqlParameter and related classes.