469,346 Members | 6,483 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,346 developers. It's quick & easy.

inserting data into SQL Database

Please,
I want to insert data into SQL Server database. I know for
this commmand:
SqlCommand myCommand= new SqlCommand("INSERT INTO table
(Column1, Column2) " +
"Values ('string', 1)", myConnection);
,but how to insert,lets say,a string from textbox1? Or
datetime from textbox2?
Thank you
djozy
Nov 15 '05 #1
1 17109
I'd recommend using the parameters collection rather than concatenating SQL
Statement into a string (Which is susceptible to SQL Injection exploits),
for example using SqlDataAdapter wizard code you would add the following
line:

SqlInsertCommand1.Parameters["@LastName"].Value = textBox1.Text;

I included some IDE generated code at the bottom of the email so you can see
how the above line relates to the SqlCommand as a whole.
--
Brian M. Reisman
MCAD, MCDBA, MCSD,
MCSE, MCT, OCA, NET+
My Book @ Amazon: http://www.amazon.com/exec/obidos/tg...l/-/0782141617
Wizard generated code:

this.sqlInsertCommand1.CommandText = @"INSERT INTO Employees(LastName,
FirstName, Title, TitleOfCourtesy, BirthDate, HireDate, Address, City,
Region, PostalCode, Country, HomePhone, Extension, Photo, Notes, ReportsTo,
PhotoPath) VALUES (@LastName, @FirstName, @Title, @TitleOfCourtesy,
@BirthDate, @HireDate, @Address, @City, @Region, @PostalCode, @Country,
@HomePhone, @Extension, @Photo, @Notes, @ReportsTo, @PhotoPath); SELECT
EmployeeID, LastName, FirstName, Title, TitleOfCourtesy, BirthDate,
HireDate, Address, City, Region, PostalCode, Country, HomePhone, Extension,
Photo, Notes, ReportsTo, PhotoPath FROM Employees WHERE (EmployeeID =
@@IDENTITY)";

this.sqlInsertCommand1.Connection = this.sqlConnection2;

this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@LastName",
System.Data.SqlDbType.NVarChar, 20, "LastName"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@FirstName",
System.Data.SqlDbType.NVarChar, 10, "FirstName"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Title", System.Data.SqlDbType.NVarChar,
30, "Title"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@TitleOfCourte sy",
System.Data.SqlDbType.NVarChar, 25, "TitleOfCourtesy"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@BirthDate",
System.Data.SqlDbType.DateTime, 8, "BirthDate"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@HireDate",
System.Data.SqlDbType.DateTime, 8, "HireDate"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Address",
System.Data.SqlDbType.NVarChar, 60, "Address"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@City", System.Data.SqlDbType.NVarChar,
15, "City"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Region",
System.Data.SqlDbType.NVarChar, 15, "Region"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@PostalCode",
System.Data.SqlDbType.NVarChar, 10, "PostalCode"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Country",
System.Data.SqlDbType.NVarChar, 15, "Country"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@HomePhone",
System.Data.SqlDbType.NVarChar, 24, "HomePhone"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Extension",
System.Data.SqlDbType.NVarChar, 4, "Extension"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Photo",
System.Data.SqlDbType.VarBinary, 2147483647, "Photo"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@Notes", System.Data.SqlDbType.NVarChar,
1073741823, "Notes"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@ReportsTo", System.Data.SqlDbType.Int,
4, "ReportsTo"));
this.sqlInsertCommand1.Parameters.Add(new
System.Data.SqlClient.SqlParameter("@PhotoPath",
System.Data.SqlDbType.NVarChar, 255, "PhotoPath"));

"djozy" <an*******@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl... Please,
I want to insert data into SQL Server database. I know for
this commmand:
SqlCommand myCommand= new SqlCommand("INSERT INTO table
(Column1, Column2) " +
"Values ('string', 1)", myConnection);
,but how to insert,lets say,a string from textbox1? Or
datetime from textbox2?
Thank you
djozy

Nov 15 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by altergothen | last post: by
6 posts views Thread by Pushpendra Vats | last post: by
2 posts views Thread by Etayki | last post: by
6 posts views Thread by Bunty | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.