csharp Parametrised SQL

using System.Data.SqlClient;

SqlConnection conn = new SqlConnection(ConnectionStringGoesHere);
conn.Open();

SqlCommand cmd = new SqlCommand();

cmd.Connection = conn;
cmd.CommandText = "StoredProcedureName";
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Test1", 1);
cmd.Parameters.AddWithValue("@Test2", 123);

SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
	Console.WriteLine(dr["Column1"].ToString());
	Console.WriteLine(dr["Column2"].ToString());
}

//cleanup
dr.Close();
dr.Dispose();
cmd.Dispose();
conn.Close();
conn.Dispose();
Using parametrised SQL statements, rather than building them up as one string.

Updated: Friday 15th October 2010, 11:13pm

There are 0 comments

Leave a comment of your own

Comments are currently closed.