wademi
asked on
How do I include multiple parameters in a SQL query in C#.net using ODBCPARAMETER?
I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.
I got the following example from someone:
P = new SqlParameter("@Val1",SqlDb Type.VarCh ar);
if (Text1.Text.Trim.Length > 0){
P.Value = Text1.Text;
}else{
P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);
P = new SqlParameter("@Val2",SqlDb Type.VarCh ar);
if (Text1.Text.Trim.Length > 0){
P.Value = Text1.Text;
}else{
P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);
My insert command looks something like this insert into table(("@Val1","@Val2",
But when I debug the program "@Val1","@Val2", are NULL
The record is inserted in the database but the filed are empty
Instead of using "@Val1","@Val2", should I be using something like ? ,? instead because I am using ODBC?
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.
I got the following example from someone:
P = new SqlParameter("@Val1",SqlDb
if (Text1.Text.Trim.Length > 0){
P.Value = Text1.Text;
}else{
P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);
P = new SqlParameter("@Val2",SqlDb
if (Text1.Text.Trim.Length > 0){
P.Value = Text1.Text;
}else{
P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);
My insert command looks something like this insert into table(("@Val1","@Val2",
But when I debug the program "@Val1","@Val2", are NULL
The record is inserted in the database but the filed are empty
Instead of using "@Val1","@Val2", should I be using something like ? ,? instead because I am using ODBC?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I found another Experts Exchange question for which the solution may be relevant to your problem. It suggests that you should use OdbcParameter with an OdbcCommand and that named parameters should be replaced with variables.
Check out the following link:
https://www.experts-exchange.com/questions/23425185/In-C-net-how-do-I-use-SQL-parameters-with-an-ODBC-connection.html
Check out the following link:
https://www.experts-exchange.com/questions/23425185/In-C-net-how-do-I-use-SQL-parameters-with-an-ODBC-connection.html
Did my previous suggestion help with your problem?
ASKER
I think their is something else causing the fields to be null.