Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Should we escape ' when building command text?
Message
De
03/01/2008 14:15:32
Naomi Nosonovsky
Wisconsin, États-Unis
 
 
À
03/01/2008 14:11:56
Bonnie DeWitt
Geneva Systems Group
Ellensburg, Washington, États-Unis
Information générale
Forum:
ASP.NET
Catégorie:
Bases de données
Titre:
Re: Should we escape ' when building command text?
Versions des environnements
Environment:
ASP.NET
OS:
Windows XP
Database:
MS SQL Server
Divers
Thread ID:
01278630
Message ID:
01279323
Vues:
13
>>In run-time that variable @EventVal already declared
>
>Well, yeah ... if you have more than one Item selected in your List, then you'll be adding that parameter more than once. Yeah, that's not gonna work that way. Try this:
>
>
>            ListItem Item;
>            string ParmName;
>            for (int i=0; i < this.lsbEvntTargetPop.Items.Count; i++)
>            {
>                Item = this.lsbEvntTargetPop.Items[i];
>                if (Item.Selected)
>                {
>                    ParmName = "@EventVal" + i.ToString();
>                    Command.CommandText += "\nINSERT INTO EventTargets VALUES(@EvID," + ParmName + ")";
>                    Command.Parameters.AddWithValue(ParmName , Item.Value);
>                }
>            }
>
>~~Bonnie
>
>
I see. Do you think this is better or I should just leave the original code? We don't have single quote in the list values as I checked (they are populated manually and there is limited number of entries) or your code is still better?

Thanks again.
If it's not broken, fix it until it is.


My Blog
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform