• 0

[C#]SqlCommand Parameter Junk


Question

Okay, usually if I'm not going to use a stored proceedure I just use a sqlcommand and build the select string. Today I decided that I'm going to do it the correct way using parameters like I do with stored procs.

So instead of doing something like:

SqlCommand cmd = new SqlCommand("SELECT * FROM People WHERE Name LIKE '%Bob%'");

I did:

SqlCommand cmd = new SqlCommand("SELECT * FROM People WHERE Name LIKE '%@Name%'");
cmd.Parameters.Add("@Name", SqlDbType.NVarChar);

cmd.Parameters["@Name"].Value = "Bob"

The frustrating thing is that it's not returning anything. :angry: What am I doing wrong?

Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0

SqlCommand cmd = new SqlCommand("SELECT * FROM People WHERE Name LIKE @Name");

cmd.Parameters.Add("@Name", SqlDbType.NVarChar);

cmd.Parameters["@Name"].Value = "%Bob%"

Link to comment
Share on other sites

  • 0
I can't think of way to inject SQL in either of the two methods. :huh:

You are right, I was just referring to the first example you gave since the thought process looked more complete. :)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.