Well, personally, I prefer parameters (but then, I use Stored Procs also) ...
This one is probably one of those "six of one, half a dozen of the other" ... IOW, it probably doesn't matter. If there is ever a chance though for an entry with a quote in it, you should probably do the parameter methodology now so it won't ever have to be changed. Just my 2 cents, do you what you feel most comfortable with. =0)
~~Bonnie
>>
>In run-time that variable @EventVal already declared >>
>>Well, yeah ... if you have more than one Item selected in your List, then you'll be adding that parameter more than once. Yeah, that's not gonna work that way. Try this:
>>
>>
>> ListItem Item;
>> string ParmName;
>> for (int i=0; i < this.lsbEvntTargetPop.Items.Count; i++)
>> {
>> Item = this.lsbEvntTargetPop.Items[i];
>> if (Item.Selected)
>> {
>> ParmName = "@EventVal" + i.ToString();
>> Command.CommandText += "\nINSERT INTO EventTargets VALUES(@EvID," + ParmName + ")";
>> Command.Parameters.AddWithValue(ParmName , Item.Value);
>> }
>> }
>>
>>~~Bonnie
>>
>>
>I see. Do you think this is better or I should just leave the original code? We don't have single quote in the list values as I checked (they are populated manually and there is limited number of entries) or your code is still better?
>
>Thanks again.