I'm having problems passing parameters to a SQL string for a SqlCommand
. When I use option 1 (see below), the code works. When I use option 2, it doesn't work. I'm not sure how to get the .AddWithValue
method to work with the SqlCommand
.
Any help would be appreciated!
private string [] GetOrderInfo (string folder)
{
string [] order = new string [] { "date", "order#", "storeid", "storename", "username" };
using (SqlConnection conn = new SqlConnection (_connectionString))
{
conn.Open ();
// Option 1: this line works.
//string sql = "select * from OrderProduct where OrderProductID=26846";
// Option 2: this line doesn't work.
string sql = "select * from OrderProduct where OrderProductID=@folder;";
using (SqlCommand command = new SqlCommand (sql, conn))
{
command.Parameters.AddWithValue ("@folder", folder);
using (SqlDataReader reader = command.ExecuteReader ())
{
while (reader.Read ())
order [1] = Convert.ToString (reader.GetInt32 (1));
}
}
conn.Close ();
} // using (SqlConnection conn = new SqlConnection (connectionString))
return order;
}