csharp Parametrised SQL
using System.Data.SqlClient; SqlConnection conn = new SqlConnection(ConnectionStringGoesHere); conn.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = conn; cmd.CommandText = "StoredProcedureName"; cmd.CommandType = System.Data.CommandType.StoredProcedure; cmd.Parameters.AddWithValue("@Test1", 1); cmd.Parameters.AddWithValue("@Test2", 123); SqlDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { Console.WriteLine(dr["Column1"].ToString()); Console.WriteLine(dr["Column2"].ToString()); } //cleanup dr.Close(); dr.Dispose(); cmd.Dispose(); conn.Close(); conn.Dispose();
Using parametrised SQL statements, rather than building them up as one string.
Updated: Friday 15th October 2010, 11:13pm
There are 0 comments
Comments are currently closed.