Re: SQL Parameter



On Feb 2, 5:39 pm, "PokerMan" <nos...@xxxxxxxxxxxxxx> wrote:
Ah, I see. Well, this is why stored procedures are better; imagine how much
easier your job would be if this was all database side?

Not necessarily so, as this arrangement may well evolve into a DBA and a developer position,
i.e. two jobs, and companies don't like it.

"most of my SQL calls in my apps are client side"

Even more reason to use stored procedures for security. If your client app
was hacked they'd get plenty of db info. That aside, they are just good
practice. This comment tho almost implies you don't think you can call a
stored procedure from client side? I presume you know you can, right?

I do use Stored Procedures (in Delphi apps, I am only just migrating to C#). Incidentally, Delphi
is so much better at data access than this C# muddle that I am trying to wade through. Regarding
security, the use of parameters lessens (eliminates?) injection attacks.

The error you got was saying that the variable wasn't declared, not that it
wasn't being set. It wasn't even getting that far. Either way, try this kind
of syntax and see if it works:

I still get the same error message with the code below. I have tried
using a string instead of a bool - but no difference. Without using a parameter
the code executes OK. Is param.ParameterName = "@stillemployed" not the declaration?
(PS I'm using SQL Server SP4, and Visual Studio 2005 SP1 on XP)

SqlParameter param = new SqlParameter();
param.ParameterName = "@stillemployed";
param.Value = checkBox1.Checked;

SqlCommand cmd = new SqlCommand(
    "SELECT * FROM Engineer " +
    "WHERE STILLEMPLOYED = @stillemployed", MyConnection);

cmd.Parameters.Add(param);

DataSet myDataSet = new DataSet("Engineers");
try
{
    (new SqlDataAdapter(cmd.CommandText,
        MyConnection)).Fill(myDataSet, "Engineers");
}
catch (Exception ex)
{
    System.Windows.Forms.MessageBox.Show("SQL: " + ex.Message,
        "SQL fout");
}

MyConnection.Close();
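
An added example, not part of the original post: it shows, without contacting a server, that a SqlDataAdapter built from a command's text alone carries no parameters, while one built from the SqlCommand itself keeps @stillemployed bound. The class name ParameterBindingDemo and the connection string are constructed placeholders.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterBindingDemo // hypothetical name, for illustration only
{
    // Builds the query from the post with its parameter attached.
    static SqlCommand BuildCommand(SqlConnection conn, bool stillEmployed)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT * FROM Engineer WHERE STILLEMPLOYED = @stillemployed", conn);
        // Explicit SqlDbType: the value travels as typed data, never as SQL text.
        cmd.Parameters.Add("@stillemployed", SqlDbType.Bit).Value = stillEmployed;
        return cmd;
    }

    static void Main()
    {
        // Constructed placeholder connection string; the connection is never opened.
        using (SqlConnection conn = new SqlConnection(
            "Server=(local);Database=Example;Integrated Security=true"))
        using (SqlCommand cmd = BuildCommand(conn, true))
        {
            // The (string, SqlConnection) constructor creates a fresh SelectCommand
            // from the text only, so its Parameters collection is empty and the
            // server would see @stillemployed as an undeclared variable.
            using (SqlDataAdapter fromText = new SqlDataAdapter(cmd.CommandText, conn))
            {
                Console.WriteLine("adapter from CommandText: {0} parameter(s)",
                    fromText.SelectCommand.Parameters.Count);
            }

            // The (SqlCommand) constructor reuses the command, parameters included.
            using (SqlDataAdapter fromCommand = new SqlDataAdapter(cmd))
            {
                Console.WriteLine("adapter from SqlCommand:  {0} parameter(s)",
                    fromCommand.SelectCommand.Parameters.Count);
                // With a reachable server, the query would then be run with:
                // fromCommand.Fill(new DataSet("Engineers"), "Engineers");
            }
        }
    }
}
```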