Browse DevX
Sign up for e-mail newsletters from DevX

Tip of the Day
Language: Enterprise
Expertise: Intermediate
Sep 2, 1999



Building the Right Environment to Support AI, Machine Learning and Deep Learning

Benefits to Executing SQL Queries with the Command Object

You should compile your SQL queries with the ADO Command object to avoid problems that can arise from concatenating strings and variables to form SQL queries. Using Command object's Parameter collection can help you avoid the problems related to defining certain types of string, date, and time variables. SQL query values containing apostrophes (') can cause a query to fail.

strSQL = "INSERT INTO person (Name) VALUES ('MyNameWith'Quote')"

Here the name MyNameWith'Quote contains an apostrophe which conflicts with the apostrophes used to denote data in the SQL VALUES keyword. However, by binding the query value as a Command object parameter, you can avoid this type of problem. The code segment showing the usage assumes that cm is an already instantiated Command object which has been already set to the active connection that has been already opened.

strSQL = "INSERT INTO person (Name) VALUES (?)"
cm.CommandText. = strSQL
cm.Parameters.Append cm.CreateParameter("Name",200, ,255 )
cm("Name") = "MyNameWith'Quote"

Jai Bardhan
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date