|
|
|
|
| When you write Insert statements, it can be difficult to accommodate the possible values end users might enter into a textbox. The most common task is replacing single quotes with double quotes. However, parameterized queries provide two benefits: You do not have to parse data entered by users—except for business rules; and SQL Server immediately caches the SQL statement: |
 Click here to copy the following block | Dim cmd As ADODB.Command
Dim prm As ADODB.Parameter
Set cmd = New ADODB.Command
Set prm = New ADODB.Parameter
With cmd
.ActiveConnection = CONNECT_STRING
.CommandText = "INSERT INTO employees " & _
"(name) VALUES(?)"
.CommandType = adCmdText
Set prm = .CreateParameter(, adChar, _
adParamInput, 50, Me.txtName.Text)
.Parameters.Append prm
.Execute
End With
Set cmd = Nothing
Set prm = Nothing |
|
|
|
|
|
|
Submitted By :
Nayan Patel
(Member Since : 5/26/2004 12:23:06 PM)
|
 |
|
|
Job Description :
He is the moderator of this site and currently working as an independent consultant. He works with VB.net/ASP.net, SQL Server and other MS technologies. He is MCSD.net, MCDBA and MCSE. In his free time he likes to watch funny movies and doing oil painting. |
|
View all (893) submissions by this author
(Birth Date : 7/14/1981 ) |
|
|