

Tip of the Day
Language: Enterprise
Expertise: Intermediate
Sep 1, 1999

Benefits to Executing SQL Queries with the Command Object

You should compile your SQL queries with the ADO Command object to avoid problems that can arise from concatenating strings and variables to form SQL queries. Using the Command object's Parameters collection helps you avoid the problems related to defining certain types of string, date, and time variables. For example, SQL query values containing apostrophes (') can cause a query to fail:

strSQL = "INSERT INTO person (Name) VALUES ('MyNameWith'Quote')"

Here the name MyNameWith'Quote contains an apostrophe, which conflicts with the apostrophes used to delimit data in the SQL VALUES clause. By binding the query value as a Command object parameter, you avoid this type of problem. The following code segment assumes that cm is an already instantiated Command object whose active connection is set to a connection that is already open.

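strSQL = "INSERT INTO person (Name) VALUES (?)"
cm.CommandText = strSQL
' 200 = adVarChar; direction omitted (defaults to input); 255 = maximum length
cm.Parameters.Append cm.CreateParameter("Name", 200, , 255)
' The value is bound as data, so the apostrophe needs no escaping
cm("Name") = "MyNameWith'Quote"
cm.Execute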
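
The same contrast as a runnable check. This is an added example, not code from the original tip: it uses Python's built-in sqlite3 module and an in-memory database as a stand-in for an ADO connection, with the same ? placeholder, and the third sample value is constructed to show that a concatenated value can also change the statement itself rather than just break it.

```python
import sqlite3

def insert_concatenated(conn, name):
    """The pattern the tip warns against: the value is spliced into the SQL text."""
    sql = "INSERT INTO person (Name) VALUES ('" + name + "')"
    conn.execute(sql)

def insert_bound(conn, name):
    """The tip's fix: a ? placeholder, with the value passed separately as data."""
    conn.execute("INSERT INTO person (Name) VALUES (?)", (name,))

def run(insert, names):
    """Insert each name into a fresh table; return (stored rows, names that failed)."""
    conn = sqlite3.connect(":memory:")  # stand-in for the open ADO connection
    conn.execute("CREATE TABLE person (Name VARCHAR(255))")
    failed = []
    for name in names:
        try:
            insert(conn, name)
        except sqlite3.Error:
            failed.append(name)
    rows = [r[0] for r in conn.execute("SELECT Name FROM person ORDER BY rowid")]
    conn.close()
    return rows, failed

# Constructed sample values
SAMPLES = [
    "Plain",
    "MyNameWith'Quote",  # the value used in the tip
    "A'), ('B",          # constructed: an apostrophe followed by more SQL syntax
]

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_bound):
        rows, failed = run(fn, SAMPLES)
        print(fn.__name__, "stored:", rows, "failed:", failed)
```

With concatenation, the tip's value raises a syntax error and the third value is stored as two separate rows; with binding, all three values are stored exactly as supplied.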

Jai Bardhan
 