Hi All,
Can somebody tell me the advantage of using SqlParameters over simply
putting the parameters in the SQL string, i.e.
Getsomething(int nSomeNumber)
{
    string sSqlStatement= "Select * From SomeTable Where index = " + nSomeNumber.ToString();
    SqlCommand ....etc
}
vs
Getsomething(int nSomeNumber)
{
    string sSqlStatement= "Select * From SomeTable Where index = @Number";
    SqlCommand ....etc
    SqlParameter prmNumber = new SqlParameter (...etc (well you know how the
    rest goes anyway))
}
Cheers
Gav
PS if I'm using SqlParameters how easy is it to change the values and rerun
the command?
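
An added example, not part of the original post: the parameterized form of the query above, with the parameter created once and the command rerun for several values. The connection string, the database name `SomeDb`, and the assumption that `index` is an int column are placeholders for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Assumption: placeholder connection string; point it at your own server.
    const string ConnectionString =
        "Server=localhost;Database=SomeDb;Integrated Security=true";

    // Runs the same command once per value. The SQL text never changes,
    // so the server can reuse its plan; only the parameter value differs.
    static List<string> GetSomething(SqlConnection conn, IEnumerable<int> numbers)
    {
        var rows = new List<string>();
        // [index] is bracketed because INDEX is a reserved word in T-SQL.
        const string sql = "SELECT * FROM SomeTable WHERE [index] = @Number";

        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameter: the value travels separately from the SQL
            // text, so it is never parsed as part of the statement.
            SqlParameter prmNumber = cmd.Parameters.Add("@Number", SqlDbType.Int);

            foreach (int n in numbers)
            {
                prmNumber.Value = n;                                // change the value
                using (SqlDataReader reader = cmd.ExecuteReader())  // and rerun
                {
                    while (reader.Read())
                        rows.Add(n + ": " + reader[0]);
                }
            }
        }
        return rows;
    }

    static void Main()
    {
        using (var conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            foreach (string row in GetSomething(conn, new[] { 1, 2, 3 }))
                Console.WriteLine(row);
        }
    }
}
```

The same pattern applies to string parameters (for example `SqlDbType.NVarChar` with an explicit size), where keeping the value out of the SQL text is what prevents quotes in the input from changing the statement.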