You want to create and execute a SQL statement having parameters that are set dynamically.
Add parameters to the
The sample code contains two event handlers and one method:
Sets up the sample by creating a
containing all Customers data from Northwind. The default view of the
table is bound to a
Customers data grid on the
form. The handler for the
of the data grid is called to initialize the grid containing Orders
with the data for the row selected by default in the
Customers data grid.
CustomerID from the data grid when the
rows selected in the data grid changes and calls the
LoadOrderGrid( ) method to update the Orders
displayed to match the selected Customer.
This method defines a parameterized SQL statement. A
Command is built from the statement and the single
@CustomerID is created and set to the
customerId argument passed into the method. The
Command is used by a
DataAdapter to fill a
with the Orders for the specified Customer. The default view of the
table is bound to the Customers data grid on the form.
The C# code is shown in Example 2-30.
Example 2-30. File: UsingParameterizedQueriesForm.cs
// Namespaces, variables, and constants using System; using System.Configuration; using System.Data; using System.Data.SqlClient; // Table name constants private const String CUSTOMERS_TABLE ...