fwsteal
Starting Member
1 Post
Posted - 2006-04-28 : 12:18:02
Is this how I would write an insert statement in asp.net 2.0 using c# into a sql server db?

//write to db
SqlConnection conn = new SqlConnection(Application["ConnectionString"].ToString()); //connection string is in the asax file
SqlCommand comm = new SqlCommand();
comm.CommandText = "Insert into tbl_cpupgrd (Model, Price, MonthTerms, FName, LName, Title, MobileNumber, Email, UserID, EmailGroup, OfficeAddr1, OfficeAddr2, OfficeCity, OfficeState, OfficeZip, UpgradeDate) Values ";
comm.CommandText += "('" + MModel + "', '" + MPrice + "', '" + MMonth + "', '" + MyFName + "', '" + MyLName + "', '" + MTitle + "', '" + MMobileNumber + "', '" + MEmail + "', '" + MPrimaryEmployeeSignature + "', '" + MEmailGroup + "', '" + MOfficeAddr1 + "', '" + MOfficeAddr2 + "', '" + MOfficeCity + "', '" + MOfficeState + "', '" + MZipCode + "', '" + MLDate + "')";
comm.Connection = conn;
conn.Open();
if (conn.State == ConnectionState.Open)
{
    comm.ExecuteNonQuery(); //insert
}
else
{
    LabelError.Text = "Error"; //write error
}
conn.Close();
Response.Redirect("confirmation.aspx");
jsmith8858
Dr. Cross Join
7423 Posts
Posted - 2006-04-28 : 15:41:23
NO! You would use parameters. Never, ever, ever concatenate strings together like that and try to execute them. Ever, ever, ever.

Better yet, use stored procedures.
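Added example, not part of the original thread: the same insert into tbl_cpupgrd written with SqlParameter objects, so every value travels to the server as data and never becomes part of the SQL text. The class name, the column types and sizes, and the dictionary-based signature are assumptions made for illustration, and the code uses current C# syntax rather than the C# 2.0 of the original post.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class UpgradeWriter // hypothetical helper, not from the thread
{
    // Column names come from the question; types and sizes are assumptions,
    // match them to the real table definition.
    private static readonly (string Name, SqlDbType Type, int Size)[] Columns =
    {
        ("Model", SqlDbType.NVarChar, 50),        ("Price", SqlDbType.Money, 0),
        ("MonthTerms", SqlDbType.Int, 0),         ("FName", SqlDbType.NVarChar, 50),
        ("LName", SqlDbType.NVarChar, 50),        ("Title", SqlDbType.NVarChar, 50),
        ("MobileNumber", SqlDbType.NVarChar, 20), ("Email", SqlDbType.NVarChar, 100),
        ("UserID", SqlDbType.NVarChar, 50),       ("EmailGroup", SqlDbType.NVarChar, 50),
        ("OfficeAddr1", SqlDbType.NVarChar, 100), ("OfficeAddr2", SqlDbType.NVarChar, 100),
        ("OfficeCity", SqlDbType.NVarChar, 50),   ("OfficeState", SqlDbType.NVarChar, 2),
        ("OfficeZip", SqlDbType.NVarChar, 10),    ("UpgradeDate", SqlDbType.DateTime, 0),
    };

    // The SQL text is built once, only from the constant list above.
    private static readonly string Sql = BuildSql();

    private static string BuildSql()
    {
        string[] names = Array.ConvertAll(Columns, c => c.Name);
        return "INSERT INTO tbl_cpupgrd (" + string.Join(", ", names) +
               ") VALUES (@" + string.Join(", @", names) + ")";
    }

    // Returns the number of rows inserted; SqlException propagates on failure.
    public static int Insert(string connectionString, IDictionary<string, object> values)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var comm = new SqlCommand(Sql, conn))
        {
            foreach (var c in Columns)
            {
                SqlParameter p = c.Size > 0
                    ? comm.Parameters.Add("@" + c.Name, c.Type, c.Size)
                    : comm.Parameters.Add("@" + c.Name, c.Type);
                // A missing or null value is sent as SQL NULL.
                p.Value = values.TryGetValue(c.Name, out var v) && v != null ? v : DBNull.Value;
            }
            conn.Open();
            return comm.ExecuteNonQuery();
        }
    }
}
```

A value such as `O'Brien` or `'); DROP TABLE tbl_cpupgrd;--` in any field is stored verbatim, because the statement text is fixed before any input is attached.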