recommended method to add row to db

Eirik Eldorsen

What is the recommended method to add a row to a db? I've used the following
code since I started using ASP.NET. It's simple, but it gets very hard to
manage when the tables get big. And I have to check the input data for , and '


    public static int Create(int areaID, int createdByID, bool active, string title)
    {
        string cmd =
            @"INSERT INTO TableName(AreaID, TypeID, CreatedByID, Active, Title) " +
            @"VALUES (" + areaID + ", 1, " + createdByID + ", " + active + ", '" + title + "')";
        return DBFactory.UpdateDB(cmd);
    }

    public static int UpdateDB(string cmd)
    {
        OleDbConnection connection = new OleDbConnection(
            ConfigurationSettings.AppSettings["ConnectionString"]);
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        command.CommandText = cmd;
        command.ExecuteNonQuery();
        command.CommandText = "SELECT @@Identity";
        int id = (int)command.ExecuteScalar();
        connection.Close();
        return id;
    }
 
Guest

Hi Eirik,

My recommendation is that you use stored procedures on SQL Server. Stored
procedures are compiled SQL, and you gain performance. Moreover, by using
stored procedures you will protect yourself from SQL injection attacks.
Inline SQL in applications can be risky.

Regards,

Deepak
[I Code, therefore I am]
 
Eirik Eldorsen

Thank you. I will consider your suggestion. But what I was looking for is a
way to do this with ADO.NET, without having to write SQL code. The reason
for not wanting to write SQL is that in the project I'm starting on, the
tables will have over 50 columns. It will be a real pain to write SQL
insert and update statements on such large tables.


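An added example, not code from any poster in this thread: the same insert done through ADO.NET with OleDb parameters, so values such as a title containing ' or , never become part of the SQL text, and the statement is generated from a column list instead of being typed out for a wide table. `RowWriter` and `Insert` are hypothetical names, and `ConfigurationManager` is assumed in place of the thread's `ConfigurationSettings`.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.OleDb;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper (not from the thread): builds a parameterized INSERT.
public static class RowWriter
{
    // Names cannot be bound as parameters, so table and column names must be
    // plain identifiers supplied by the code, never taken from user input.
    static readonly Regex Identifier = new Regex(@"^[A-Za-z_][A-Za-z0-9_]*\z");

    public static int Insert(string table, IDictionary<string, object> values)
    {
        if (values.Count == 0 || !Identifier.IsMatch(table)
            || !values.Keys.All(k => Identifier.IsMatch(k)))
            throw new ArgumentException("Invalid table or column name.");

        var columns = values.Keys.ToList();   // fixes the order of the "?" markers
        // OleDb parameters are positional: one "?" per value, bound in the order added.
        string sql = "INSERT INTO " + table + " (" + string.Join(", ", columns)
            + ") VALUES (" + string.Join(", ", columns.Select(c => "?")) + ")";

        using (var connection = new OleDbConnection(
            ConfigurationManager.AppSettings["ConnectionString"]))
        using (var command = new OleDbCommand(sql, connection))
        {
            foreach (string column in columns)
                command.Parameters.AddWithValue("@" + column, values[column] ?? DBNull.Value);

            connection.Open();
            command.ExecuteNonQuery();
            command.Parameters.Clear();
            command.CommandText = "SELECT @@Identity";   // same connection as the insert
            return Convert.ToInt32(command.ExecuteScalar());
        }
    }

    // Same signature as the Create method in the question.
    public static int Create(int areaID, int createdByID, bool active, string title)
    {
        return Insert("TableName", new Dictionary<string, object> {
            { "AreaID", areaID }, { "TypeID", 1 }, { "CreatedByID", createdByID },
            { "Active", active }, { "Title", title }   // title may contain ' or ,
        });
    }
}
```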
 
