Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ASP.net Insert Parameter Query

Posted on 2011-03-13
2
Medium Priority
?
339 Views
Last Modified: 2012-05-11
What would the INSERT equivalent of the following ASP.net 4 parameter query be in a table adapter. See code below
SELECT        ID, School, [User], [Start date], [Start time], [End date], [End time], House, Form, [Subject or activity], [Age group], [Sport or activity], Other, [Use]
FROM            Table1
WHERE        (School = @Parameter1) AND ([User] = @Parameter2) AND (House = @Parameter3) AND (Form = @Parameter4) AND ([Subject or activity] = @Parameter5) AND 
                         ([Age group] = @Parameter6) AND ([Sport or activity] = @Parameter7) AND (Other LIKE @Parameter8)

Open in new window

0
Comment
Question by:Murray Brown
2 Comments
 
LVL 11

Accepted Solution

by:
SAMIR BHOGAYTA earned 2000 total points
ID: 35125482
Hi, Read the following things

There are two compelling reasons everyone should learn about Parameterized Queries. One entails one keyboard character and is more of a hassle reliever than anything else. That character, in code, can become either of two different objects, the single quote and the apostrophe. When you’re coding, either one can make your life truely miserable at times. The second, and MOST compelling reason to learn Parameterized Queries is to protect your database from SQL Injection Injection Attacks. If you have never heard of them, youneed to hear about them now. These attacks can reak havoc on your server and, more importantly, your data. Check out these articles on SQL Injection Attacks:

http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
http://www.tech-faq.com/sql-injection-attack.shtml

Protecting Your ASP.NET from SQL Injection attacks
Simply by using Parameterized Queries, this becomes a first line of defense, and SQL Injection attacks are stopped in their tracks.

Anyone who has ever put together a long, involved SQL statement with variables, juggling single quotes, along with the double quotes (Tutorial on Single and Double Quotes), will tell you that it’s not much fun. And – on top of that, when we then talk about the apostrophe, it gets even more complicated.
0
 

Author Closing Comment

by:Murray Brown
ID: 35166625
thanks very much
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have developed many web applications with asp & asp.net and to add and use a dropdownlist was always a very simple task, but with the new asp.net, setting the value is a bit tricky and its not similar to the old traditional method. So in this a…
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question