- var sql = "INSERT INTO myTable (myField1, myField2) " + // ANTI-PATTERN (kept as the "before" example): the statement text is built by string concatenation.
- "VALUES ('" + someVariable + "', '" + someTextBox.Text + "');"; // someVariable and the text-box input are spliced into the SQL text, so the database parses them as part of the statement instead of as data (SQL injection).
- var cmd = new SqlCommand(sql, myDbConnection); // NOTE(review): no using block here, so this snippet never disposes cmd.
- cmd.ExecuteNonQuery(); // Executes whatever text the concatenation produced; nothing separates the input from the statement at this point.
- var sql = "INSERT INTO myTable (myField1, myField2) " + // Parameterized form of the same INSERT: the statement text is a fixed string.
- "VALUES (@someValue, @someOtherValue);"; // @someValue / @someOtherValue are placeholders; no variable is concatenated into the SQL.
- using (var cmd = new SqlCommand(sql, myDbConnection)) // using disposes the command when the block exits.
- {
- cmd.Parameters.AddWithValue("@someValue", someVariable); // The value travels as a parameter, separate from the statement text.
- cmd.Parameters.AddWithValue("@someOtherValue", someTextBox.Text); // Text-box input is bound as data. NOTE(review): AddWithValue infers the SQL type from the .NET value; where the column type is known, Parameters.Add with an explicit SqlDbType avoids implicit conversions.
- cmd.ExecuteNonQuery(); // INSERT returns no rows; ExecuteNonQuery reports the number of rows affected.
- }
- var sql = "UPDATE myTable SET myField1 = @newValue WHERE myField2 = @someValue;"; // Both the new value and the WHERE filter are placeholders, not concatenated text.
- // Execute exactly as in the parameterized INSERT above: create the SqlCommand in a using block, bind @newValue and @someValue through cmd.Parameters, then call ExecuteNonQuery().
- var sql = "SELECT myField1, myField2 FROM myTable WHERE myField3 = @someValue;"; // Query with the filter value as a placeholder; the statement text is a fixed string.
- using (var cmd = new SqlCommand(sql, myDbConnection)) // The command is disposed when this block exits.
- {
- cmd.Parameters.AddWithValue("@someValue", someVariable); // The filter value is bound as a parameter, separate from the statement text.
- using (var reader = cmd.ExecuteReader()) // The reader is disposed when its own using block exits, before the command.
- {
- ... // Placeholder from the paste: the code that reads rows from reader goes here.
- }
- // Alternative when only a single value is needed: object result = cmd.ExecuteScalar();
- // ExecuteScalar returns the first column of the first row of the result.
- }