Working with Parameterized Queries

There are many scenarios in which you might want to use parameterized queries, but the most common scenario occurs when you need user input in your query.

Formatting User Input in a Query String

Let’s say that you’re building an application that lets a user examine the orders placed by a particular customer. The application user will specify customer information while the application is running, whether that be the company name or some other information. You’ll likely want to construct a "base" query, apply the user’s input, and execute the query.

There are two basic approaches you could follow. First, you could look for a way to embed the user input into your query string, perhaps using the String.Format function ...
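The two approaches side by side, as an added example that is not code from the book: the first embeds the user's input into the query text with String.Format, the second passes it as a SqlParameter so the statement text never changes. It assumes a Northwind-style schema (Customers with CustomerID and CompanyName, Orders with OrderID, OrderDate and CustomerID) and a connection string supplied by the caller; those names are assumptions, not anything the excerpt specifies.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the book. Assumes a Northwind-style Customers/Orders
// schema and a caller-supplied connection string (both are assumptions).
public static class OrdersByCustomer
{
    // Approach 1: embed the user's input in the query string with String.Format.
    // The statement is rebuilt from whatever the user typed, so the text the
    // server parses depends on that input. A company name such as "Bob's Shop"
    // leaves an unbalanced quote: a syntax error at best, and in general the
    // input can change the structure of the statement rather than only a value.
    public static string BuildFormattedQuery(string companyName)
    {
        return String.Format(
            "SELECT o.OrderID, o.OrderDate " +
            "FROM Orders o INNER JOIN Customers c ON c.CustomerID = o.CustomerID " +
            "WHERE c.CompanyName = '{0}'",
            companyName);
    }

    // Approach 2: keep the statement text fixed and send the value separately
    // as a typed parameter. The provider delivers @CompanyName as data, so an
    // apostrophe in the name is just a character in the comparison value.
    public static DataTable GetOrdersParameterized(string connectionString, string companyName)
    {
        const string sql =
            "SELECT o.OrderID, o.OrderDate " +
            "FROM Orders o INNER JOIN Customers c ON c.CustomerID = o.CustomerID " +
            "WHERE c.CompanyName = @CompanyName";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Declare the type and size explicitly so the plan is stable and
            // over-long input is truncated client-side instead of guessed at.
            SqlParameter p = cmd.Parameters.Add("@CompanyName", SqlDbType.NVarChar, 40);
            p.Value = companyName;

            DataTable orders = new DataTable("Orders");
            using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(orders); // opens and closes the connection as needed
            }
            return orders;
        }
    }

    public static void Main()
    {
        // Constructed sample input: the apostrophe shows why the first approach
        // is fragile while the second handles it as an ordinary character.
        string userInput = "Bob's Shop";
        Console.WriteLine(BuildFormattedQuery(userInput));
        // Running the parameterized version requires a real database; assumed
        // connection string shown only as a placeholder.
        // DataTable rows = GetOrdersParameterized("<connection string>", userInput);
    }
}
```

Printing BuildFormattedQuery("Bob's Shop") makes the difference visible: the single quote from the input terminates the string literal in the generated SQL, whereas GetOrdersParameterized sends the same value unchanged as @CompanyName and the statement text is identical for every input.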

Get Programming Microsoft® ADO.NET 2.0 Core Reference, 2nd Edition now with the O’Reilly learning platform.
