[thelist] Oops! Parameters in ASP.Net
Ken Schaefer
Ken at adOpenStatic.com
Tue Oct 30 19:53:48 CDT 2007
-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Anthony Baratta
Sent: Wednesday, 31 October 2007 3:24 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Oops! Parameters in ASP.Net
First you really should be using a stored procedure.
>> ' Create, execute command
>> comm = New SqlCommand("INSERT into RecordsDaily ( RecordsID_rec,BookingDay_rec) values ( @MainID, @Num1)", conn)
>> comm.Parameters.Add("@MainID", Data.SqlDbType.Int)
>> comm.Parameters.Add("@Num1", Data.SqlDbType.Int)
>> comm.ExecuteNonQuery()
>
> Second you are not passing the values to the parameters.
>
> Third I would just do it this way:
>
> comm = New SqlCommand("INSERT into RecordsDaily ( RecordsID_rec,BookingDay_rec) values ( "
> + MainID.ToString()
> + ", "
> + Num1.ToString() + ")", conn)
> comm.ExecuteNonQuery()
Why would you do it this way? That seems about the worst way of doing it (ameliorated by the fact that OP was hard coding the variable values, but presumably that was only for testing purposes).
Cheers
Ken
More information about the thelist
mailing list