Solved

How do I include multiple parameters in a SQL query in C#.net using ODBCPARAMETER?

Posted on 2008-10-24
4
341 Views
Last Modified: 2013-12-17
I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.

I got the following example from someone:

P = new SqlParameter("@Val1",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);


P = new SqlParameter("@Val2",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);

My insert command looks something like this insert into table(("@Val1","@Val2",

But when I debug the program "@Val1","@Val2", are NULL

The record is inserted in the database but the filed are empty


Instead of using "@Val1","@Val2", should I be using something like ? ,? instead because I am using ODBC?

0
Comment
Question by:wademi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
numberkruncher earned 500 total points
ID: 22801064
Try the following...it would be interesting to know if your results change:
P = new SqlParameter("@Val1",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = 'T';
}
cmd.Parameters.Add(P);
 
 
P = new SqlParameter("@Val2",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = 'T';
}
cmd.Parameters.Add(P);

Open in new window

0
 

Author Comment

by:wademi
ID: 22801312
This did not help P.Value = 'T'. I dont want to change P.Value = System.Data.DBNull.Value because if the text box are blank I want the field to be null.

I think their is something else causing the fields to be null.
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22804339
I found another Experts Exchange question for which the solution may be relevant to your problem. It suggests that you should use OdbcParameter with an OdbcCommand and that named parameters should be replaced with variables.

Check out the following link:
http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SQL-Server-2005/Q_23425185.html
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22859343
Did my previous suggestion help with your problem?
0

Featured Post

Certified OpenStack Administrator Course

We just refreshed our COA course based on the Newton exam.  With 14 labs, this course goes over the different OpenStack services that are part of the certification: Dashboard, Identity Service, Image Service, Networking, Compute, Object Storage, Block Storage, and Orchestration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question