Typed Dataset and Table Adaptor

[Mark]

Hi -

I'm working in VS2008, C.

I created a New Data Source via wizard and added a customized Select Query
to the TableAdapter.

It's simple:
Select ID, Name From myTable
Where ID = @id

So in code I excute the Fill method:
this.myTableTableAdapter.FillbyID(this.myDataSet.myTable, 14);

Where/How at runtime can I see the Select statement after the parameter has
been resolved? It would look like this:
Select ID, Name From myTable
Where ID = 14

Thank you,
Mark

 

[Mark Peters]

So in code I excute the Fill method:

this.myTableTableAdapter.FillbyID(this.myDataSet.myTable, 14);

Where/How at runtime can I see the Select statement after the parameter has
been resolved? It would look like this:
Select ID, Name From myTable
Where ID = 14

In short, you can't.

You are (properly) using a parametrized query. However, you seem to
misunderstand how they work. The whole point behind a parametrized
query is that the parameter is *not* just stuffed into the SQL string.
The parameters are bundled separate from the query. The TableAdapter
abstracts most of this out or your view, though it might be
informative to dig into the generated code.

In your example, what gets sent to the server is roughly the
following:

Query:
"Select ID, Name From myTable Where ID = @id"
Parameters:
@id, 14

Do some web searches for "parametrized query" and "SQL injection
attack" for more info.