Parameterized query

[Jorell]

Hey everyone,

I am currently using Microsofts DataAccess Application
block ( SQLHelper ) and what I want to do is use a
parameterized query instead of just SQL. I can not use
stored procedures, I just want to create an sql statement
such as this:
Dim SelectStatement As String = _
"SELECT folder_id, " & _
"document, " & _
"doc_page, " & _
"user_id, " & _
"notes_date, " & _
"notes_access, " & _
"notes_title, " & _
"notes_text " & _
"FROM pwv_doc_notes_tbl " & _
"WHERE document = ? AND " & _
"folder_id = ? AND " & _
"(user_id = ? OR " & _
"notes_access <> 1 )"

And then create 3 parameters:
Dim Param1 As SQLDataParameter("Document", document)
Dim Param2 As SQLDataParameter("FolderId",folderId)
Dim Param3 As SQLDataParameter("UserId", userId)

And executeDataset:
Ds = SqlHelper.ExecuteDataset(CommandType.Text,
SelectStatement, Param1, Param2, Param3)

This doesn't work but I am new to parameterized queries so
I am curious if anyone can shed some light on what I am
doing wrong?
I appologize if this is unclear...
Thanks

Jorell

 

[Peter Provost]

Probably not the right group for this question, but here is an answer...

Instead of using the question mark, use a names T-SQL parameter. For
example:

string sql = "SELECT * FROM authors WHERE fname=@fname"
SqlParameter param = new SqlParameter( "@fname", "Peter" );

Etc...