Academic Tutorials



English | French | Portugese | German | Italian
Google

Home Source Codes E-Books Downloads Contact Us About Us

ADO.NET
Introduction to ADO.NET
ADO.NET Data Providers
The SqlConnection Object
The SqlCommand Object
Reading Data with the SqlDataReader
Working with Disconnected Data
Adding Parameters to Commands

HTML Tutorials
HTML Tutorial
XHTML Tutorial
CSS Tutorial
TCP/IP Tutorial
XML Tutorials
XML Tutorial
XSL Tutorial
XSLT Tutorial
DTD Tutorial
Schema Tutorial
XForms Tutorial
XSL-FO Tutorial
XML DOM Tutorial
XLink Tutorial
XQuery Tutorial
XPath Tutorial
XPointer Tutorial
RDF Tutorial
SOAP Tutorial
WSDL Tutorial
RSS Tutorial
WAP Tutorial
Web Services Tutorial
Browser Scripting
JavaScript Tutorial
VBScript Tutorial
AJAX Tutorial
DHTML Tutorial
HTML DOM Tutorial
WMLScript Tutorial
E4X Tutorial
Server Scripting
ASP Tutorial
PHP Tutorial
PERL Tutorial
SQL Tutorial
ADO Tutorial
.NET (dotnet)
Microsoft.Net
XML Web Services
ASP.Net
.Net Mobile
C# : C Sharp
ADO.NET
VB.NET
Multimedia
SVG Tutorial
Flash Tutorial
Media Tutorial
SMIL Tutorial
Web Building
Web Browsers
Web Hosting
W3C Tutorial
Web Building
Web Quality
Web Semantic
Web Careers
Java Tutorials
Java Tutorial
JSP Tutorial
Servlets Tutorial
Struts Tutorial
EJB Tutorial
JMS Tutorial
JMX Tutorial
Programming Langauges
C Tutorial
C++ Tutorial
Visual Basic Tutorial
Data Structures Using C
Soft Skills
Communication Skills
Time Management
Project Management
Team Work
Leadership Skills
Corporate Communication
Negotiation Skills


Adding Parameters to Commands

Previous Next
Introduction

When working with data, you'll often want to filter results based on some criteria. Typically, this is done by accepting input from a user and using that input to form a SQL query.

As you know, the SQL query assigned to a SqlCommand object is simply a string. So, if you want to filter a query, you could build the string dynamically, but you wouldn't want to. Here is a bad example of filtering a query.
SqlCommand cmd = new SqlCommand(
"select * from Customers where city = '" + inputCity + "'";

Don't ever build a query this way! The input variable, inputCity, is typically retrieved from a TextBox control on either a Windows form or a Web Page. Anything placed into that TextBox control will be put into inputCity and added to your SQL string. This situation invites a hacker to replace that string with something malicious. In the worst case, you could give full control of your computer away.

Using parameterized queries is a three step process:

  1. Construct the SqlCommand command string with parameters.

  2. Declare a SqlParameter object, assigning values as appropriate.

  3. Assign the SqlParameter object to the SqlCommand object's Parameters property.

preparing a SqlCommand Object for Parameters

he first step in using parameters in SQL queries is to build a command string containing parameter placeholders. These placeholders are filled in with actual parameter values when the SqlCommand executes. Proper syntax of a parameter is to use an '@' symbol prefix on the parameter name as shown below:

SqlCommand cmd = new SqlCommand(
"select * from Customers where city = @City", conn);




Share And Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb

Previous Next

Keywords: Adding Parameters to Commands, batch file commands, batch file parameters, dos commands, windows commands, unix commands, cmd commands, batch commands


HTML Quizes
HTML Quiz
XHTML Quiz
CSS Quiz
TCP/IP Quiz
XML Quizes
XML Quiz
XSL Quiz
XSLT Quiz
DTD Quiz
Schema Quiz
XForms Quiz
XSL-FO Quiz
XML DOM Quiz
XLink Quiz
XQuery Quiz
XPath Quiz
XPointer Quiz
RDF Quiz
SOAP Quiz
WSDL Quiz
RSS Quiz
WAP Quiz
Web Services Quiz
Browser Scripting Quizes
JavaScript Quiz
VBScript Quiz
AJAX Quiz
DHTML Quiz
HTML DOM Quiz
WMLScript Quiz
E4X Quiz
Server Scripting Quizes
ASP Quiz
PHP Quiz
PERL Quiz
SQL Quiz
ADO Quiz
.NET (dotnet) Quizes
Microsoft.Net Quiz
XML Web Services Quiz
ASP.Net Quiz
.Net Mobile Quiz
C# : C Sharp Quiz
ADO.NET Quiz
VB.NET Quiz
Multimedia Quizes
SVG Quiz
Flash Quiz
Media Quiz
SMIL Quiz
Web Building  Quizes
Web Browsers Quiz
Web Hosting Quiz
W3C Quiz
Web Building Quiz
Web Quality Quiz
Web Semantic Quiz
Web Careers Quiz
Java Quizes
Java Quiz
JSP Quiz
Servlets Quiz
Struts Quiz
EJB Quiz
JMS Quiz
JMX Quiz
Programming Langauges Quizes
C Quiz
C++ Quiz
Visual Basic Quiz
Data Structures Using C Quiz
Soft Skills Quizes
Communication Skills Quiz
Time Management Quiz
Project Management Quiz
Team Work Quiz
Leadership Skills Quiz
Corporate Communication Quiz
Negotiation Skills Quiz

Privacy Policy
Copyright © 2003-2008 Vyom Technosoft Pvt. Ltd., All Rights Reserved.