
How do I include multiple parameters in a SQL query in C#.net?

I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.

Could you please show me a working coded example of how to do this?

Asked by: wademi

1 Solution

Daniel Wilson Commented:

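String SQL = "Insert into MyTable(Field1, Field2, Field3, Field4, Field5) Values (@Val1, @Val2, @Val3, @Val4, @Val5)";
SqlCommand cmd = new SqlCommand(SQL, new SqlConnection(MyConnStr)); // command text first, then connection; needs using System.Data and System.Data.SqlClient
SqlParameter P;
 
P = new SqlParameter("@Val1", SqlDbType.VarChar);
P.Value = Text1.Text;
cmd.Parameters.Add(P);
 
P = new SqlParameter("@Val2", SqlDbType.VarChar);
P.Value = Text2.Text;
cmd.Parameters.Add(P);
 
//etc. (repeat for @Val3 through @Val5)
 
cmd.Connection.Open(); // the connection must be open before the command runs
cmd.ExecuteNonQuery();
cmd.Connection.Close();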

 
Daniel Wilson Commented:
Oh, I didn't get the NULL ...

for line 6:

if (Text1.Text.Trim().Length > 0){
  P.Value = Text1.Text;   // non-empty input is stored as entered
}else{
  P.Value = System.Data.DBNull.Value;   // empty input becomes SQL NULL
}
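
The two comments above combined into one routine, as an added example that is not part of the original posts: all five values are bound as typed parameters in a loop, and empty input is mapped to NULL. The class name MyTableWriter, the helpers ToDbValue and InsertRow, and the column width of 255 are assumptions for illustration; MyTable, Field1 to Field5 and @Val1 to @Val5 come from the answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class MyTableWriter
{
    // Assumed column width; set it to the real VarChar size of Field1..Field5.
    // A value longer than the declared size is truncated by the provider.
    private const int FieldSize = 255;

    // Empty or whitespace-only input becomes SQL NULL; anything else is stored as entered.
    public static object ToDbValue(string input)
    {
        return string.IsNullOrWhiteSpace(input) ? (object)DBNull.Value : input;
    }

    // inputs: the five text box values in column order (Text1.Text ... Text5.Text).
    public static int InsertRow(string connectionString, string[] inputs)
    {
        if (inputs == null || inputs.Length != 5)
            throw new ArgumentException("Exactly five values are required.", nameof(inputs));

        // The SQL text is a constant; no user input is ever concatenated into it.
        const string sql =
            "INSERT INTO MyTable (Field1, Field2, Field3, Field4, Field5) " +
            "VALUES (@Val1, @Val2, @Val3, @Val4, @Val5)";

        // using blocks close the connection and dispose the command even on an exception.
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            for (int i = 0; i < inputs.Length; i++)
            {
                // User text travels only as a typed parameter value, never as SQL text.
                cmd.Parameters.Add("@Val" + (i + 1), SqlDbType.VarChar, FieldSize).Value =
                    ToDbValue(inputs[i]);
            }

            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }
}
```

From the form's submit handler this would be called as `MyTableWriter.InsertRow(MyConnStr, new[] { Text1.Text, Text2.Text, Text3.Text, Text4.Text, Text5.Text })`.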
 
wademi (Author) Commented:
Thanks