Parameter Query
If a value entered in a control contains special symbols (, ' " ! $), a normal query will not accept it.
A parameter query is used to accept values with special symbols from a control such as a textbox.
A parameter query uses a user-defined variable prefixed with an @ sign.
In a parameter query, the control is written using a different syntax.
The column name and the variable name cannot be the same.
Without a column name we cannot perform a parameter query.
Syntax-
Insert-
string s= "insert into Table_name (Column_name) values (@variable_name)";
cm = new SqlCommand(s,cn);
// Pass the control's value (e.g. TextBox1.Text), not the control object itself.
cm.Parameters.AddWithValue("variable_name", control_name.Text);
cm.ExecuteNonQuery();
Update-
string q = "update Proc_table set name=@name1 where email = @email1";
cm = new SqlCommand(q, cn);
cm.Parameters.AddWithValue("name1", TextBox1.Text);
cm.Parameters.AddWithValue("email1", TextBox2.Text);
cm.ExecuteNonQuery();
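
Added example (not part of the original post): the same update built by string concatenation and as a parameter query, so you can see why a value containing ' breaks the first and is accepted by the second. The class name, the sample values, the nvarchar(100) column sizes and the connection string passed as the first argument are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterQueryDemo
{
    // Concatenation: the textbox value becomes part of the SQL text itself.
    static string BuildConcatenated(string name, string email) =>
        "update Proc_table set name='" + name + "' where email = '" + email + "'";

    // Parameter query: the SQL text is fixed; values are sent separately as data.
    static SqlCommand BuildParameterized(SqlConnection cn, string name, string email)
    {
        var cm = new SqlCommand(
            "update Proc_table set name=@name1 where email = @email1", cn);
        // Explicit type and size (assumed nvarchar(100) columns) instead of
        // letting AddWithValue infer them from the .NET value.
        cm.Parameters.Add("@name1", SqlDbType.NVarChar, 100).Value = name;
        cm.Parameters.Add("@email1", SqlDbType.NVarChar, 100).Value = email;
        return cm;
    }

    static void Main(string[] args)
    {
        // Constructed sample input standing in for TextBox1.Text / TextBox2.Text.
        string name = "Miles O'Brien";
        string email = "miles@example.com";

        // The apostrophe ends the string literal early, so this text no longer parses.
        Console.WriteLine(BuildConcatenated(name, email));

        // args[0] is an assumed connection string; without one, only show the command.
        using (var cn = new SqlConnection(args.Length > 0 ? args[0] : ""))
        using (var cm = BuildParameterized(cn, name, email))
        {
            Console.WriteLine(cm.CommandText);
            foreach (SqlParameter p in cm.Parameters)
                Console.WriteLine($"  {p.ParameterName} = {p.Value}");
            if (args.Length > 0)
            {
                cn.Open();
                Console.WriteLine($"{cm.ExecuteNonQuery()} row(s) updated");
            }
        }
    }
}
```

Because the value never becomes part of the SQL text, input that contains SQL syntax cannot change the statement, which is why parameter queries are the standard defence against SQL injection.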