473,320 Members | 2,083 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Build an SQL query without SqlCommand

I need to programatically change the SelectCommand of an
SqlDataSource. When I query I use SqlCommand and all the character
escaping is automatically done with SqlCommand.Parameters.Add(); Now,
since SelectCommand property is just a text, I need to manually do the
character escaping. Is there any other built-in query builder that I
can use in this situation?

Oct 27 '07 #1
1 1842
On 27 oct, 12:39, Sin Jeong-hun <typing...@gmail.comwrote:
I need to programatically change the SelectCommand of an
SqlDataSource. When I query I use SqlCommand and all the character
escaping is automatically done with SqlCommand.Parameters.Add(); Now,
since SelectCommand property is just a text, I need to manually do the
character escaping. Is there any other built-in query builder that I
can use in this situation?
What do you mean?, something like that

string sql = "select top 10 au_lname, phone from authors where
au_lname = 'White'";

(Note the single quotes)

However Parameters are the best practice, for security someone could
inject you database with dangerous code.
Regards.
Oct 27 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Douglas Buchanan | last post by:
I am using the following code instead of a very lengthly select case statement. (I have a lot of lookup tables in a settings form that are selected from a ListBox. The data adapters are given a...
4
by: Kory | last post by:
How do you stop a long running query with a SQLConnection or SQLCommand? Calling Close on either just waits until the query is done. Is there a way to stop it? The following on a long query ...
11
by: anony | last post by:
Hello, I can't figure out why my parameterized query from an ASP.NET page is dropping "special" characters such as accented quotes & apostrophes, the registered trademark symbol, etc. These...
2
by: Howard | last post by:
How do I do this with parameterized query? without parameterized query: string search = "hello world search"; search = search.Replace(" ", " AND "); SELECT * FROM TABLE1 WHERE TEXT LIKE '%' +...
2
by: =?Utf-8?B?Q2hyaXM=?= | last post by:
How can I run this query against a table in my Access database? I don't know hwo to use it in C#. In VB I would use .Recordset = "some sql statement". How do I do this in C#? //I get a vlaue...
2
by: weird0 | last post by:
Hi! On the recommendation of one of the MVP's on this group....... I tried writing parametrized queries. But the fucking thing does not work and it does not update the data in the table. I...
13
by: ofiras | last post by:
Is there a command to do a query for an SQL database? I managed to make a sql connection variable, and to take info from it by making a SqlDataAdapter with select query in it, and filling the...
0
by: Sin Jeong-hun | last post by:
I need to programatically change the SelectCommand of an SqlDataSource. When I query I use SqlCommand and all the character escaping is automatically done with SqlCommand.Parameters.Add(); Now,...
0
petepell
by: petepell | last post by:
Hello all, I am developing an application in VB 2008 that works with a SQL2005 DB to store and manipulate employee data. In one section of the app I want to be able to show a treeview of the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.