.NET Tip

useful tip i feel ,

Using String.Format() Method.

Replaces each format specification in a specified String with the textual
equivalent of a

corresponding object's value
string strSQL;
strSQL = "SELECT * FROM Products ";
strSQL += " WHERE CategoryID = {0}";
strSQL += " AND SupplierID = {1}";
strSQL = String.Format(strSQL, 5, 12);

When this string comes back 5 will be placed where the {0} is located in the string
and the 12 will be placed where the {1} is located.
"SELECT * FROM Products WHERE CategoryID = 5 AND SupplierID = 12"

amit agarwal
india
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 1/29/2004

useful tip i feel ,

Using String.Format() Method.

Replaces each format specification in a specified String with the textual
equivalent of a

corresponding object's value
string strSQL;
strSQL = "SELECT * FROM Products ";
strSQL += " WHERE CategoryID = {0}";
strSQL += " AND SupplierID = {1}";
strSQL = String.Format(strSQL, 5, 12);

When this string comes back 5 will be placed where the {0} is located in the string
and the 12 will be placed where the {1} is located.
"SELECT * FROM Products WHERE CategoryID = 5 AND SupplierID = 12"

amit agarwal
india
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 1/29/2004

useful tip i feel ,

Using String.Format() Method.

Replaces each format specification in a specified String with the textual
equivalent of a

corresponding object's value
string strSQL;
strSQL = "SELECT * FROM Products ";
strSQL += " WHERE CategoryID = {0}";
strSQL += " AND SupplierID = {1}";
strSQL = String.Format(strSQL, 5, 12);

When this string comes back 5 will be placed where the {0} is located in the
string
and the 12 will be placed where the {1} is located.
"SELECT * FROM Products WHERE CategoryID = 5 AND SupplierID = 12"

amit agarwal
india
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 1/29/2004

Unfortunately, using string concatenation and string format to put
parameters into SQL commands also places you at higher risk for SQL
injection attacks.

--
Scott
http://www.OdeToCode.com

On Fri, 30 Jan 2004 14:00:07 +0530, ".NET Follower"
<am*************@SoftHome.net> wrote:

useful tip i feel ,

Using String.Format() Method.

Replaces each format specification in a specified String with the textual
equivalent of a

corresponding object's value
string strSQL;
strSQL = "SELECT * FROM Products ";
strSQL += " WHERE CategoryID = {0}";
strSQL += " AND SupplierID = {1}";
strSQL = String.Format(strSQL, 5, 12);

When this string comes back 5 will be placed where the {0} is located in thestring
and the 12 will be placed where the {1} is located.
"SELECT * FROM Products WHERE CategoryID = 5 AND SupplierID = 12"

amit agarwal
india
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 1/29/2004