Query Parameters

Shahid Juma

Hi,

I am using Microsoft Application Blocks and I have the following query.

//save the data
// every value is concatenated straight into the SQL text, which is
// exactly what John's reply below warns about
insertSQL = "INSERT INTO Table1 VALUES (" + unixTime + "," + CCR + "," + CCT + "," + CCT
    + ",'" + completedBy + "','" + id + "',100, 'test', 'test')";

SqlHelper.ExecuteNonQuery (objConnect, CommandType.Text, insertSQL);

Is there any way to break up the above so it is cleaner and I just pass
the parameters instead of building the query? The above does do the
work but is not cleaner, and I need to use the same query somewhere else
too.

Thanks for the help
Shahid
 
John

Shahid Juma said:
Hi,

I am using Microsoft Application Blocks and I have the following query.

//save the data
insertSQL = "INSERT INTO Table1 VALUES (" + unixTime + "," + CCR + "," + CCT + "," + CCT
    + ",'" + completedBy + "','" + id + "',100, 'test', 'test')";

SqlHelper.ExecuteNonQuery (objConnect, CommandType.Text, insertSQL);

Is there any way to break up the above so it is cleaner and I just pass
the parameters instead of building the query? The above does do the

This doesn't really answer your questions, but in case you don't know,
THIS IS VERY DANGEROUS IN A WEBAPP.

Go google "SQL Injection Attack"

Then use either a stored procedure or a parameterized query. You'll add
lines of code, but you'll sleep better knowing you aren't going to get sued
for incompetence. ;)

Regards,
John
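The parameterized form John recommends, written with the same SqlHelper call Shahid already uses (added example, not code from either poster). The `Table1Repository` class, the `Insert` method, and the parameter types and sizes are assumptions; the thread does not state the column types.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using Microsoft.ApplicationBlocks.Data;

// Hypothetical wrapper so the same INSERT can be reused from more than one place.
public static class Table1Repository
{
    // The statement text is now fixed at compile time: user input never becomes SQL,
    // and @cct can be referenced twice just as the original repeated CCT.
    private const string InsertSql =
        "INSERT INTO Table1 VALUES (@unixTime, @ccr, @cct, @cct, " +
        "@completedBy, @id, 100, 'test', 'test')";

    // Column types (bigint, int, varchar(50)) are assumed; adjust to the real schema.
    public static int Insert(SqlConnection objConnect, long unixTime, int ccr, int cct,
                             string completedBy, string id)
    {
        SqlParameter pUnixTime = new SqlParameter("@unixTime", SqlDbType.BigInt);
        pUnixTime.Value = unixTime;
        SqlParameter pCcr = new SqlParameter("@ccr", SqlDbType.Int);
        pCcr.Value = ccr;
        SqlParameter pCct = new SqlParameter("@cct", SqlDbType.Int);
        pCct.Value = cct;
        // Sized string parameters: the driver handles quoting, so a completedBy
        // value such as O'Brien is stored as data rather than breaking the statement.
        SqlParameter pCompletedBy = new SqlParameter("@completedBy", SqlDbType.VarChar, 50);
        pCompletedBy.Value = completedBy;
        SqlParameter pId = new SqlParameter("@id", SqlDbType.VarChar, 50);
        pId.Value = id;

        SqlParameter[] parameters = { pUnixTime, pCcr, pCct, pCompletedBy, pId };

        // Same SqlHelper entry point as the thread, using the overload that
        // accepts a SqlParameter array; returns the number of rows affected.
        return SqlHelper.ExecuteNonQuery(objConnect, CommandType.Text, InsertSql, parameters);
    }
}
```

If the INSERT is moved into a stored procedure instead, the parameters stay the same and the call becomes `SqlHelper.ExecuteNonQuery(objConnect, CommandType.StoredProcedure, "<procedure name>", parameters)`.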