Bytes | Software Development & Data Engineering Community
Alternative way to write queries: Parameterized queries .... i guess

I write queries in this manner by concatenating a string:

cmd.CommandText = "SELECT acc_name FROM Account_Information where user_id='" + User_Id + "'";
Is there any other way to do it....

please tell me how to do so and some good link related to that?

Mar 28 '07 #1
Doing that is a big no-no for both protection from SQL injection and
for performance. See http://davidhayden.com/blog/dave/arc...0/24/2528.aspx
for info on that.

For your basic CRUD type operations parameterized queries are the way
to go.
There are a bunch of examples on the net such as
http://www.csharp-station.com/Tutori.../Lesson06.aspx
Other alternatives include object-relational mappers such as LLBLGen
Pro and NHibernate. These are nice for big projects. At the top level
they make your query look like an object and then you perform actions
against that object.

The last alternative would be using stored procedures for your CRUD
based queries. http://www.codinghorror.com/blog/archives/000117.html
gives a good description of the pros/cons of using them for CRUD.

Mar 28 '07 #2
weird0 <am********@gmail.com> wrote:
> I write queries in this manner by concatenating a string:
>
> cmd.CommandText = "SELECT acc_name FROM Account_Information where user_id='" + User_Id + "'";
> Is there any other way to do it....

Yes - the above has huge dangers with respect to SQL injection attacks,
as well as making it harder for the query optimiser.

> please tell me how to do so and some good link related to that?

It depends on which database provider you're using, but if you look at
SqlCommand.Parameters you'll see an example for the SQL Server
provider.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Mar 28 '07 #3
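The parameterized form that both replies point to (the CRUD recommendation in reply #2 and the SqlCommand.Parameters pointer in reply #3), written out as an added example that is not part of the thread. It keeps the original concatenated query beside its ADO.NET replacement and a stored-procedure variant. The connection string, the varchar(50) length of user_id, the procedure name dbo.GetAccountName and the test payload are all assumptions, not something the posts state.

```csharp
// Added example, not code from the original thread. Assumes SQL Server via
// System.Data.SqlClient; the table/column names come from the question, the
// column length, connection string and procedure name are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;

public static class AccountLookup
{
    // The original, injectable form from the question: user input is spliced
    // into the SQL text, so a quote in the input changes the statement.
    public static string BuildConcatenatedQuery(string userId)
    {
        return "SELECT acc_name FROM Account_Information where user_id='" + userId + "'";
    }

    // Safe form: the SQL text is fixed and the value travels as a typed
    // parameter. It is compared as data and never parsed as SQL, whatever it
    // contains. The fixed text also lets the server cache one plan.
    public static string GetAccountName(string connectionString, string userId)
    {
        const string sql =
            "SELECT acc_name FROM Account_Information WHERE user_id = @user_id";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declare type and length explicitly (assumed varchar(50)).
            // AddWithValue infers nvarchar(<actual length>) from the .NET
            // string, which can force an implicit conversion on a varchar
            // column and produce a different cached plan per input length.
            cmd.Parameters.Add("@user_id", SqlDbType.VarChar, 50).Value = userId;

            conn.Open();
            // null when no row matches, DBNull when acc_name is NULL.
            object result = cmd.ExecuteScalar();
            return result is string name ? name : null;
        }
    }

    // Stored-procedure alternative from reply #2. Assumes a procedure
    // dbo.GetAccountName(@user_id varchar(50)) exists (hypothetical name);
    // the parameter is still bound, not concatenated into an EXEC string.
    public static string GetAccountNameViaProc(string connectionString, string userId)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.GetAccountName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@user_id", SqlDbType.VarChar, 50).Value = userId;
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }

    public static void Main()
    {
        // Constructed malicious input: closes the quote and adds a tautology.
        string payload = "' OR '1'='1";

        Console.WriteLine(BuildConcatenatedQuery(payload));
        // SELECT acc_name FROM Account_Information where user_id='' OR '1'='1'
        // The WHERE clause is now always true: every account name is returned.

        // GetAccountName(connectionString, payload) sends the same bytes as the
        // value of @user_id; SQL Server looks for a user_id literally equal to
        // ' OR '1'='1, finds none, and returns null.
    }
}
```

To see the difference in the plan cache as well as in the result, run the two forms against a test database and compare sys.dm_exec_cached_plans: the concatenated version leaves one entry per distinct user_id, the parameterized version one entry total.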
