Solved

How do I include multiple parameters in a SQL query in C#.net using ODBCPARAMETER?

Posted on 2008-10-24
4
336 Views
Last Modified: 2013-12-17
I have a form that I accept inputs from 5 text boxes.
I want to be able to include each input from the text boxes in my insert into query.
I want to use parameters to prevent database injection.
I also want to update the field in the database as NULL if nothing was entered in a text box.
I am using a SQL backend.

I got the following example from someone:

P = new SqlParameter("@Val1",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);


P = new SqlParameter("@Val2",SqlDbType.VarChar);
if (Text1.Text.Trim.Length > 0){
 P.Value = Text1.Text;
}else{
 P.Value = System.Data.DBNull.Value;
}
cmd.Parameters.Add(P);

My insert command looks something like this insert into table(("@Val1","@Val2",

But when I debug the program "@Val1","@Val2", are NULL

The record is inserted in the database but the filed are empty


Instead of using "@Val1","@Val2", should I be using something like ? ,? instead because I am using ODBC?

0
Comment
Question by:wademi
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
numberkruncher earned 500 total points
ID: 22801064
Try the following...it would be interesting to know if your results change:
P = new SqlParameter("@Val1",SqlDbType.VarChar);

if (Text1.Text.Trim.Length > 0){

 P.Value = Text1.Text;

}else{

 P.Value = 'T';

}

cmd.Parameters.Add(P);
 
 

P = new SqlParameter("@Val2",SqlDbType.VarChar);

if (Text1.Text.Trim.Length > 0){

 P.Value = Text1.Text;

}else{

 P.Value = 'T';

}

cmd.Parameters.Add(P);

Open in new window

0
 

Author Comment

by:wademi
ID: 22801312
This did not help P.Value = 'T'. I dont want to change P.Value = System.Data.DBNull.Value because if the text box are blank I want the field to be null.

I think their is something else causing the fields to be null.
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22804339
I found another Experts Exchange question for which the solution may be relevant to your problem. It suggests that you should use OdbcParameter with an OdbcCommand and that named parameters should be replaced with variables.

Check out the following link:
http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SQL-Server-2005/Q_23425185.html
0
 
LVL 13

Expert Comment

by:numberkruncher
ID: 22859343
Did my previous suggestion help with your problem?
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now