freddy <fr****@discussions.microsoft.com> wrote:
OK, let's say I use the InsertCommand in ADO.NET to insert a string from the
info the user writes in a textbox.
The textbox name is txtName.text. Do I use ('" +txtname.text +"'); or do I
use a parameter, and if so, how would I change ('" +txtname.text +"'); to a
parameter?

*Always* use a parameter - that way you don't need to worry about SQL
injection attacks and things like the right format for dates.
As for how you'd do it - I suggest you read the examples in the
SqlParameter and related classes.
--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
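
The change asked about in the question, shown as an added example that is not part of either post: the concatenated form beside the parameterized one. The table `Customers`, the column `Name`, the parameter size of 50 and the helper names are assumptions made for illustration, and the code assumes the `System.Data.SqlClient` provider is referenced.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class InsertNameExample
{
    // Hypothetical table and column; the thread does not name them.
    const string InsertSql = "INSERT INTO Customers (Name) VALUES (@Name)";

    // The pattern from the question: the textbox value becomes part of the SQL text.
    static string BuildConcatenated(string name)
    {
        return "INSERT INTO Customers (Name) VALUES ('" + name + "')";
    }

    // The parameterized form: the SQL text is constant and the value travels separately.
    static SqlCommand BuildParameterized(SqlConnection conn, string name)
    {
        var cmd = new SqlCommand(InsertSql, conn);
        // Explicit type and size (50 is an assumed column width) instead of inference.
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
        return cmd;
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed sample standing in for txtName.Text

        // The apostrophe ends the string literal early, so this statement is malformed.
        Console.WriteLine(BuildConcatenated(name));

        // No connection is opened here; this only shows what would be sent.
        using (var cmd = BuildParameterized(null, name))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine("{0} = {1}",
                cmd.Parameters[0].ParameterName, cmd.Parameters[0].Value);
        }
        // With a real connection: conn.Open(); then cmd.ExecuteNonQuery();
    }
}
```

The same `Parameters.Add` call with `SqlDbType.DateTime` and a `DateTime` value covers the date-format point raised in the reply, since the value is never rendered as text in the statement.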