I think the best way is to use a stored procedure with an SqlCommand object.
It's faster and safer.
Suppose your stored proc looks like this:
CREATE PROC [your_procedure_name]
@Param1 datatype,
@Param2 datatype,
@Param3 datatype,
@Param4 datatype
AS
INSERT INTO table_name (field1, field2, field3, field4) VALUES (@Param1,
@Param2, @Param3, @Param4)
GO
Then your code should look like this:
SqlConnection oCn = new SqlConnection(yourconnectionstring);
oCn.Open();
SqlCommand oCmd = oCn.CreateCommand();
oCmd.Parameters.Add("@Param1", SqlDbType.datatype, size).Value =
"param1_value"'
oCmd.Parameters.Add("@Param2", SqlDbType.datatype, size).Value =
"param2_value"'
oCmd.Parameters.Add("@Param3", SqlDbType.datatype, size).Value =
"param3_value"'
oCmd.Parameters.Add("@Param4", SqlDbType.datatype, size).Value =
"param4_value"'
oCmd.ExecuteNonQuery();
oCn.Close()
oCn.Dispose();
oCmd.Dispose();
I also suggest to you used try...catch...finally statements.
<ho********@yahoo.com> wrote in message
news:11*********************@z34g2000cwc.googlegro ups.com...
I have a simple form. I would like to insert the values from the form
into a SQL table. What is the best way to do it?
I assume that using a stored procedure is preferable to using the
UpdateCommand="Insert into..."
When using a stored procedure, is it better to use a SqlDataSource or
an ObjectDataSource? Is it better to make it formview and use
asp:Parameter or not put it in a formview and use asp:FormParameter, or
is there a better way?