Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 6th, 2005, 09:18 PM
Authorized User
 
Join Date: Jun 2005
Location: Philippines
Posts: 97
Using parameter arrays

I am building an insert SQL string at runtime and want to use a parameter array because I'm afraid of SQL injections. How do I do that?

Aldwin Enriquez
"Don't you ever give up!"
 
Old July 6th, 2005, 10:00 PM

Can I use the ? operator here?

Aldwin Enriquez
"Don't you ever give up!"
 
Old July 7th, 2005, 03:10 AM

Here is my sample code. It doesn't work in ADO.NET.
Any workaround for this?

SqlCommand cmd = new SqlCommand("Insert into EMP (EMPNAME,EMPPOSITION) VALUES(?,?)",con);

cmd.Parameters.Add("empName",SqlDbType.NVarChar,64).Value = "hello";
cmd.Parameters.Add("Position",SqlDbType.NVarChar,64).Value = "world";


Aldwin Enriquez
"Don't you ever give up!"
 
Old July 8th, 2005, 01:16 AM

Guys, I saw the solution already.
I used "@<columnname>" for the SqlCommand and "?" for the OleDbCommand object.

Aldwin Enriquez
"Don't you ever give up!"
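
The fix described in the last post, written out as an added example (not code from the thread): named `@` placeholders for SqlCommand and positional `?` placeholders for OleDbCommand, against the EMP table from the sample code. The class name, the Dump helper and the sample value are assumptions; it targets the .NET Framework and only builds the commands, so no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Data.SqlClient;

class ParameterizedInsertDemo   // hypothetical class name
{
    // SqlClient does not accept "?"; placeholders are named and matched by name.
    static SqlCommand BuildSqlInsert(SqlConnection con, string name, string position)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO EMP (EMPNAME, EMPPOSITION) VALUES (@empName, @position)", con);
        cmd.Parameters.Add("@empName", SqlDbType.NVarChar, 64).Value = name;
        cmd.Parameters.Add("@position", SqlDbType.NVarChar, 64).Value = position;
        return cmd;
    }

    // OleDb uses positional "?" placeholders; values bind in the order of the
    // Add calls, and the parameter names are only labels.
    static OleDbCommand BuildOleDbInsert(OleDbConnection con, string name, string position)
    {
        OleDbCommand cmd = new OleDbCommand(
            "INSERT INTO EMP (EMPNAME, EMPPOSITION) VALUES (?, ?)", con);
        cmd.Parameters.Add("empName", OleDbType.VarWChar, 64).Value = name;
        cmd.Parameters.Add("position", OleDbType.VarWChar, 64).Value = position;
        return cmd;
    }

    // Hypothetical helper: shows that the SQL text stays constant and the
    // values travel separately as parameters.
    static void Dump(IDbCommand cmd)
    {
        Console.WriteLine(cmd.CommandText);
        foreach (IDataParameter p in cmd.Parameters)
            Console.WriteLine("  {0} = {1}", p.ParameterName, p.Value);
    }

    static void Main()
    {
        // Constructed sample value: the apostrophe would break a concatenated
        // SQL string, but as a parameter it is passed as plain data.
        string name = "O'Brien";
        Dump(BuildSqlInsert(new SqlConnection(), name, "Clerk"));
        Dump(BuildOleDbInsert(new OleDbConnection(), name, "Clerk"));
    }
}
```

Table and column names cannot be supplied as parameters, so when the INSERT text is assembled at runtime those identifiers should come from a fixed list in code rather than from user input.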



