Should we escape ' when building command text?
From: John Baird, Coatesville, Pennsylvania, United States
Date: 03/01/2008 12:44:00
Forum: ASP.NET
Category: Databases
Environment: ASP.NET
OS: Windows XP
Database: MS SQL Server
Thread ID: 01278630
Message ID: 01279287
Views: 11

>>Yes, parameters are *definitely* better and yes, you won't need to worry about escaping the quote.
>>
>>
>>Command.CommandText = "INSERT INTO Programs (ProgName, ProgramDescription, " +
>>                "Location, CoordinatorID) VALUES(@Name, @Description, @Location, @ID)\nSELECT @@IDENTITY";
>>Command.Parameters.AddWithValue("@Name", this.txtbName.Text);
>>Command.Parameters.AddWithValue("@Description", this.txtbDescription.Text);
>>Command.Parameters.AddWithValue("@Location", this.txtbLocation.Text);
>>Command.Parameters.AddWithValue("@ID", CoID);
>>
>>
>
>Hi Bonnie,
>
>Can I use the same technique within a loop, or should I go John's way?
>
>I tried to change the original code using string.Format to
>
>            foreach (ListItem Item in this.lsbEvntTargetPop.Items)
>            {
>                if (Item.Selected)
>                {
>                    Command.CommandText += "\nINSERT INTO EventTargets VALUES(@EvID,@EventVal)";
>                    Command.Parameters.AddWithValue("@EventVal", Item.Value);
>
>                }
>            }
>
>but I'm getting an error. How should I change this?
>
>Thanks again for your help.


Naomi,

In your example, you are appending the insert command to the command text over and over and over. It will error on that alone.
If you want to add separate insert statements you must use a ';' to end the statement before you append the next.
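
Added example, not part of the original thread: one way to keep the loop fully parameterized is to build a single batch in which `@EvID` is added once and each selected value gets its own parameter name, since a parameter name can be declared only once per batch. The class and method names, the open connection, and the column types and size are assumptions; the table and parameter names come from the posts above.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text;

public static class EventTargetWriter   // hypothetical helper, not from the thread
{
    // Inserts one EventTargets row per selected value in a single batch.
    // Assumes conn is already open. User-supplied values travel only as
    // parameters; the SQL text is built from fixed strings and the loop index.
    public static int InsertTargets(SqlConnection conn, int eventId,
                                    IList<string> selectedValues)
    {
        if (selectedValues.Count == 0) return 0;   // nothing selected, skip the round trip

        using (SqlCommand cmd = conn.CreateCommand())
        {
            StringBuilder sql = new StringBuilder();

            // @EvID is the same for every row, so it is added exactly once.
            // SqlDbType.Int is an assumption about the column type.
            cmd.Parameters.Add("@EvID", SqlDbType.Int).Value = eventId;

            for (int i = 0; i < selectedValues.Count; i++)
            {
                // Each row gets a unique parameter name: @EventVal0, @EventVal1, ...
                string name = "@EventVal" + i;
                sql.Append("INSERT INTO EventTargets VALUES(@EvID, ")
                   .Append(name)
                   .AppendLine(");");

                // Size 50 is an assumption; match it to the real column.
                cmd.Parameters.Add(name, SqlDbType.NVarChar, 50).Value = selectedValues[i];
            }

            cmd.CommandText = sql.ToString();
            return cmd.ExecuteNonQuery();   // total rows affected by the batch
        }
    }
}
```

Pass it the `Value` of each selected `ListItem` from `lsbEvntTargetPop`; an apostrophe in a value is stored as data and needs no escaping.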