how to add parameter

Question

How to add parameter i use

i have to insert multi value for making submition form

string connectionString12 = ConfigurationManager.ConnectionStrings["mobile_db"].ConnectionString;
OleDbConnection con = new OleDbConnection(connectionString12);
OleDbCommand cmdinsert = new OleDbCommand("insert into brand_tbl (brand_name)values(@2GNetwork)", con);
Parameter ab = new Parameter();

Greg · Answer 1 · 2010-11-09T19:35:50.340

For each parameter, you need to create a parameter object, assign it's name and value, and add the parameter to the command. The following example should get you started.

public void MyInsert(string twoGNetwork)
{
    string connectionString; // get your connection string here
    using (DbConnection connection = new OleDbConnection(connectionString))
    using (DbCommand command = connection.CreateCommand())
    {
        command.CommandText = "insert into brand_tbl (brand_name) values (@2GNetwork)";

        // Add parameters
        AddParameter(command, "@2GNetwork", twoGNetwork);

        connection.Open();
        command.ExecuteNonQuery();
    }
}

private static void AddParameter(DbCommand command, string name, object value)
{
    DbParameter param = command.CreateParameter();
    param.ParameterName = name;
    param.Value = value;
    command.Parameters.Add(param);
}

Edit:
I'm reading that OLEDB may ignore the names of the parameter and only respect the order. So make sure that you add your parameters in the order that they are used.

JohnB · Answer 2 · 2010-08-05T15:53:40.880

-2

I'm not sure I completely understand your question. You don't need parameters unless you are calling stored procedures. If you are passing in a SQL query, then you can pass in arguments in a string.Format() perhaps.

(the below example was adapted from MSDN)

string customerId = "NWIND"
string companyName = "Northwind Traders";

OleDbConnection myConnection = new OleDbConnection(myConnectionString);
string myInsertQuery = string.Format("INSERT INTO Customers (CustomerID, CompanyName) Values('{0}', '{1}')", customerId, companyName);
OleDbCommand myCommand = new OleDbCommand(myInsertQuery);
myCommand.Connection = myConnection;
myConnection.Open();
myCommand.ExecuteNonQuery();
myCommand.Connection.Close();

However, if you wish you call a stored procedure instead, this is how you would do it with OleDB:

(below example was adapted from MSDN)

OleDbConnection myConnection = new OleDbConnection(myConnectionString);
OleDbCommand salesCMD = new OleDbCommand("SalesByCategory", nwindConn);
salesCMD.CommandType = CommandType.StoredProcedure;
OleDbParameter myParm = salesCMD.Parameters.Add("@CategoryName", OleDbType.VarChar, 15);
myParm.Value = "Beverages";
myConnection.Open();
OleDbDataReader myReader = salesCMD.ExecuteReader();
myConnection.Close();

edited Aug 05 '10 at 15:53

answered Aug 05 '10 at 15:45

JohnB

18,046
16
98
110

3

Let's not encourage people to use String.Format. Named parameters are more secure and and can work without stored procedures. – Greg Nov 09 '10 at 18:11
1

And OLEDB parameters are going to need to go in ordinally. – Mike Cheel Nov 09 '10 at 18:46
1

Using string concatenation or String.Format to create a query is really not done. You'll surely end up having problems (I'm thinking of dates, I'm thinking sql injection, etc...). You can perfectly use parameters for embedded queries; parameters are not limited to stored procedures only. – Frederik Gheysels Nov 09 '10 at 19:28
Open up google and search for bobby tables. It will explain, why this approach is a huge security risk. Imagine the following parameter value in a select statement: ' or 1=1 -- – matthias.lukaszek Aug 01 '11 at 20:48

how to add parameter

2 Answers2