Gav
Hi All,
Can somebody tell me the advantage of using SqlParameters over simply
putting the parameters in the SQL string, i.e.
Getsomething(int nSomeNumber)
{
string sSqlStatement= "Select * From SomeTable Where index = " +
nSomeNumber.ToString();
SqlCommand ....etc
}
vs
Getsomething(int nSomeNumber)
{
string sSqlStatement= "Select * From SomeTable Where index = @Number";
SqlCommand ....etc
SqlParameter prmNumber = new SqlParameter (...etc (well you know how the
rest goes anyway))
}
Cheers
Gav
PS if I'm using SqlParameters how easy is it to change the values and rerun
the command?
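
An added example, not part of the original post: the two forms from the question side by side, plus re-running one parameterized command with changed values. The name column, the DEMO_CONNECTION_STRING environment variable, the COUNT(*) query and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Concatenation: the value becomes part of the statement text itself.
    // (name is a hypothetical string column, used to show the string case.)
    static string BuildConcatenated(string name) =>
        "SELECT * FROM SomeTable WHERE name = '" + name + "'";

    // Parameterized: the statement text is fixed; the value travels separately as typed data.
    static SqlCommand BuildParameterized(SqlConnection conn)
    {
        // [index] is bracketed because INDEX is a reserved word in T-SQL.
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM SomeTable WHERE [index] = @Number", conn);
        cmd.Parameters.Add("@Number", SqlDbType.Int);
        return cmd;
    }

    static void Main()
    {
        // Constructed input: the embedded quote closes the literal, so the
        // remainder is parsed as SQL instead of being compared as data.
        Console.WriteLine(BuildConcatenated("x' OR '1'='1"));

        // Assumption: this variable holds a connection string for a database
        // that contains SomeTable. Without it, only the line above is printed.
        string connStr = Environment.GetEnvironmentVariable("DEMO_CONNECTION_STRING");
        if (connStr == null) return;

        using (var conn = new SqlConnection(connStr))
        using (var cmd = BuildParameterized(conn))
        {
            conn.Open();
            cmd.Prepare(); // optional: the server reuses one prepared statement
            foreach (int n in new[] { 1, 2, 3 })
            {
                // Re-running: assign a new value and execute the same command again.
                cmd.Parameters["@Number"].Value = n;
                Console.WriteLine("{0}: {1} row(s)", n, cmd.ExecuteScalar());
            }
        }
    }
}
```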