?
Solved

How do I include multiple parameters in a SQL query in C#.net?

Posted on 2008-10-24
3
Medium Priority
?
249 Views
Last Modified: 2013-12-17
I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.

Could you please show me a working coded example of how to this?

0
Comment
Question by:wademi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 22799487

String SQL = "Insert into MyTable(Field1, Field2, Field3, Field4, Field5) Values (@Val1, @val2, @Val3, @Val4, @Val5)";
SqlCommand cmd = new SqlCommand(new SqlConnection(MyConnStr), SQL);
SqlParameter P;
 
P = new SqlParameter("@Val1",SqlDbType.VarChar);
P.Value = Text1.Text
cmd.Parameters.Add(P);
 
P = new SqlParameter("@Val2",SqlDbType.VarChar);
P.Value = Text2.Text
cmd.Parameters.Add(P);
 
//etc.
 
cmd.ExecuteNonQuery();

Open in new window

0
 
LVL 32

Accepted Solution

by:
Daniel Wilson earned 2000 total points
ID: 22799523
Oh, I didn't get the NULL ...

for line 6:

if (Text1.Text.Trim.Length > 0){
  P.Value = Text1.Text;
}else{
  P.Value = System.Data.DBNull.Value;
}
0
 

Author Closing Comment

by:wademi
ID: 31509788
Thanks
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question