RE: Syntax error in insert statement?
- From: "Josh Hawley" <JoshHawley@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 18 Apr 2005 20:03:01 -0700
Yeah, those are valid points. I have a piece of code that I wrote that handles
the ' chars, and security isn't an issue because no one but my code can
connect to the server. However, this is not the case in other people's
situations, so I probably shouldn't suggest it here.
Can you point me to an example of C# code that uses the parameters?
"dkocur" wrote:
> Josh, Thanks for the reply. The ? are placeholders for parameters. There
> are numerous reasons for using parameters instead of building the string as
> you mention. I'll give you two:
>
> 1. Security. It prevents a SQL injection attack.
> 2. I don't have to format strings such as this one to insert them. (Note
> the apostrophe in the word don't.)
>
> I've managed to get it to work using named parameters, but I'd prefer to use
> unnamed parameters to maximize performance.
>
> "Josh Hawley" wrote:
>
> > I'm not sure why you are putting question marks in there...
> > I usually use a StringBuilder to make my queries, it helps a lot...
> > especially when the queries get really long and complex (I have some that
> > are 4 pages long). Something like this:
> >
> > string viewID="1";
> > string name="Josh";
> > string nameSpace="namespace";
> >
> > StringBuilder query=new StringBuilder();
> > query.AppendFormat("insert into BusDataObject (View_ID, Name, NameSpace) Values ('{0}', '{1}', '{2}')", viewID, name, nameSpace);
> > // the {0} inserts the value into the string
> > // it is important to have single quotes around any string values to prevent them from running too long
> >
> >
> >
> > "dkocur" wrote:
> >
> > > "insert into BusDataObject (View_ID, Name, NameSpace) Values (?, ?, ?);"
> > >
> > > results in "Incorrect syntax near '?'."
> > >
> > > I'm using C# Express Beta 1 with SQL Server. I know it has to be something
> > > simple, but I just can't figure it out.
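
An added example, not code from either poster, answering the request above for C# code that uses parameters. It assumes the System.Data.SqlClient provider, which binds by name and does not accept `?` markers (those belong to the OleDb and Odbc providers); the column types and lengths and the `BUSDATA_CONNSTR` environment variable are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class BusDataObjectInsert
{
    // SqlClient binds by name: every @marker in the text needs a parameter of the same name.
    const string InsertSql =
        "insert into BusDataObject (View_ID, Name, NameSpace) " +
        "values (@ViewID, @Name, @NameSpace);";

    // Column types and lengths are assumptions; match them to the real table definition.
    static SqlCommand BuildInsert(SqlConnection conn, int viewId, string name, string nameSpace)
    {
        var cmd = new SqlCommand(InsertSql, conn);
        cmd.Parameters.Add("@ViewID", SqlDbType.Int).Value = viewId;
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@NameSpace", SqlDbType.NVarChar, 100).Value = nameSpace;
        return cmd;
    }

    static void Main()
    {
        // Hypothetical variable holding the connection string; unset means "show only".
        string connStr = Environment.GetEnvironmentVariable("BUSDATA_CONNSTR");

        using (var conn = new SqlConnection(connStr ?? ""))
        // Constructed sample values: the apostrophes are sent as data, never parsed as SQL,
        // so no escaping or quoting is needed in the statement text.
        using (var cmd = BuildInsert(conn, 1, "Josh's view", "don't.break"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);

            if (connStr == null) return;   // no server configured: stop after showing the command
            conn.Open();
            Console.WriteLine("rows inserted: {0}", cmd.ExecuteNonQuery());
        }
    }
}
```

The statement text is constant, so the same `SqlCommand` can be reused with new `Value` assignments for repeated inserts.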