Solved

How do I include multiple parameters in a SQL query in C#.net using ODBCPARAMETER?

Posted on 2008-10-24
4
338 Views
Last Modified: 2013-12-17
I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.

I got the following example from someone:

P = new SqlParameter("@Val1",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);


P = new SqlParameter("@Val2",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);

My insert command looks something like this insert into table(("@Val1","@Val2",

But when I debug the program "@Val1","@Val2", are NULL

The record is inserted in the database but the filed are empty


Instead of using "@Val1","@Val2", should I be using something like ? ,? instead because I am using ODBC?

0
Comment
Question by:wademi
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
numberkruncher earned 500 total points
ID: 22801064
Try the following...it would be interesting to know if your results change:
P = new SqlParameter("@Val1",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = 'T';
}
cmd.Parameters.Add(P);
 
 
P = new SqlParameter("@Val2",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = 'T';
}
cmd.Parameters.Add(P);

Open in new window

0
 

Author Comment

by:wademi
ID: 22801312
This did not help P.Value = 'T'. I dont want to change P.Value = System.Data.DBNull.Value because if the text box are blank I want the field to be null.

I think their is something else causing the fields to be null.
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22804339
I found another Experts Exchange question for which the solution may be relevant to your problem. It suggests that you should use OdbcParameter with an OdbcCommand and that named parameters should be replaced with variables.

Check out the following link:
http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SQL-Server-2005/Q_23425185.html
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22859343
Did my previous suggestion help with your problem?
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question