Hello,
After doing a couple small projects where I concatenated my SQL queries, I decided I needed to finally bite the bullet and do this the right way with parameters.
What I have so far is code that can insert to the DB, and gets the ID returned of the row that was just inserted. That DBID gets stored for later use by another part of my program.
So my question is, if I want to do a "SELECT someColumn FROM someTable WHERE DBID=theOneFromEarlier", is it correct to somehow do a SQL parameter on the DBID I'm passing, or at this point is it OK to simply concatenate that variable into my SQL statement?
If passing DBID as a parameter is still correct, how is that done when my end result is reading data? I know I could do it the same way I returned the DBID from my INSERT statement (setting up a new SqlParameter, setting its direction to output, etc.), but this seems like a *lot* of overhead if I were setting it up for 15 fields I needed returned.
If it's standard practice to concatenate at this point, I can do that fine and get myself a DataReader as I was doing before with no problems. Any advice is much appreciated!
Maxx
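The SELECT the post describes, done with an input parameter and read back through a SqlDataReader. This is an added example, not code from the original post: it assumes classic ADO.NET (System.Data.SqlClient), a table `someTable(DBID int IDENTITY, someColumn nvarchar(200) NULL)` using the names from the post, and a placeholder connection string. The INSERT shown here gets the new DBID back with `SELECT SCOPE_IDENTITY()` and ExecuteScalar rather than the output parameter the post mentions; both approaches work.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original post. Assumed schema:
//   CREATE TABLE someTable (DBID int IDENTITY PRIMARY KEY, someColumn nvarchar(200) NULL)
public static class SomeTableRepository
{
    // The pattern the post wants to leave behind. It only stays harmless while dbIdText
    // really is an integer you generated yourself; as soon as the value comes from a user,
    // a file or a URL, "1 OR 1=1" or "1; DROP TABLE someTable" rides along unchanged.
    // Parameterizing the int costs nothing and keeps the habit from spreading to strings.
    public static string UnsafeSelectSql(string dbIdText)
    {
        return "SELECT someColumn FROM someTable WHERE DBID=" + dbIdText;
    }

    // INSERT that returns the new DBID without an output parameter:
    // ExecuteScalar returns the single value produced by SELECT SCOPE_IDENTITY().
    public static int Insert(string connectionString, string someColumn)
    {
        const string sql =
            "INSERT INTO someTable (someColumn) VALUES (@someColumn); " +
            "SELECT CAST(SCOPE_IDENTITY() AS int);";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Give string parameters an explicit type and size so every call shares
            // one cached plan instead of one plan per distinct string length.
            cmd.Parameters.Add("@someColumn", SqlDbType.NVarChar, 200).Value =
                (object)someColumn ?? DBNull.Value;
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }

    // SELECT with the DBID as an *input* parameter (the default direction).
    // Nothing about the returned columns needs a SqlParameter: rows come back through
    // the SqlDataReader, so 1 or 15 result fields still cost the same single @DBID.
    public static string ReadSomeColumn(string connectionString, int dbId)
    {
        const string sql = "SELECT someColumn FROM someTable WHERE DBID = @DBID";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@DBID", SqlDbType.Int).Value = dbId;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return null;            // no row with that DBID
                return reader.IsDBNull(0) ? null : reader.GetString(0);
            }
        }
    }

    public static void Main()
    {
        // Placeholder connection string: point it at a database that has someTable.
        const string cs = "Server=.;Database=MyDb;Integrated Security=true;";
        int id = Insert(cs, "hello");
        Console.WriteLine(ReadSomeColumn(cs, id));
    }
}
```

The output-parameter setup the post describes is only for values the SQL itself assigns back to you (`SET @NewId = SCOPE_IDENTITY()`); result columns never need it. One parameter per value in the WHERE clause, then read every returned column off the reader by ordinal or name, and concatenation never has to come back.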