Solved

ASP.net Insert Parameter Query

Posted on 2011-03-13
2
328 Views
Last Modified: 2012-05-11
What would the INSERT equivalent of the following ASP.net 4 parameter query be in a table adapter. See code below
SELECT        ID, School, [User], [Start date], [Start time], [End date], [End time], House, Form, [Subject or activity], [Age group], [Sport or activity], Other, [Use]
FROM            Table1
WHERE        (School = @Parameter1) AND ([User] = @Parameter2) AND (House = @Parameter3) AND (Form = @Parameter4) AND ([Subject or activity] = @Parameter5) AND 
                         ([Age group] = @Parameter6) AND ([Sport or activity] = @Parameter7) AND (Other LIKE @Parameter8)

Open in new window

0
Comment
Question by:murbro
2 Comments
 
LVL 11

Accepted Solution

by:
SAMIR BHOGAYTA earned 500 total points
Comment Utility
Hi, Read the following things

There are two compelling reasons everyone should learn about Parameterized Queries. One entails one keyboard character and is more of a hassle reliever than anything else. That character, in code, can become either of two different objects, the single quote and the apostrophe. When you’re coding, either one can make your life truely miserable at times. The second, and MOST compelling reason to learn Parameterized Queries is to protect your database from SQL Injection Injection Attacks. If you have never heard of them, youneed to hear about them now. These attacks can reak havoc on your server and, more importantly, your data. Check out these articles on SQL Injection Attacks:

http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
http://www.tech-faq.com/sql-injection-attack.shtml

Protecting Your ASP.NET from SQL Injection attacks
Simply by using Parameterized Queries, this becomes a first line of defense, and SQL Injection attacks are stopped in their tracks.

Anyone who has ever put together a long, involved SQL statement with variables, juggling single quotes, along with the double quotes (Tutorial on Single and Double Quotes), will tell you that it’s not much fun. And – on top of that, when we then talk about the apostrophe, it gets even more complicated.
0
 

Author Closing Comment

by:murbro
Comment Utility
thanks very much
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now