csharp Parametrised SQL
using System.Data.SqlClient;
SqlConnection conn = new SqlConnection(ConnectionStringGoesHere);
conn.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "StoredProcedureName";
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Test1", 1);
cmd.Parameters.AddWithValue("@Test2", 123);
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
Console.WriteLine(dr["Column1"].ToString());
Console.WriteLine(dr["Column2"].ToString());
}
//cleanup
dr.Close();
dr.Dispose();
cmd.Dispose();
conn.Close();
conn.Dispose();Using parametrised SQL statements, rather than building them up as one string.
Updated: Friday 15th October 2010, 12:42pm
There are 0 comments
Comments are currently closed.