How to pass long query string

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

How to pass long query string

Message

21/01/2013 17:22:15

Craig Berntson
Quicken Loans
Salt Lake City, Utah, États-Unis

21/01/2013 14:52:57

Naomi Nosonovsky
Wisconsin, États-Unis

Information générale

Forum:

ASP.NET

Catégorie:

Code, syntaxe and commandes

Titre:

Re: How to pass long query string

Versions des environnements

Environment:

C# 4.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Divers

Thread ID:

01563515

Message ID:

01563552

Vues:

This message has been marked as a message which has helped to the initial question of the thread.

Not a good idea. It can allow SQL Injection to get in. Better to add each parameter into a Parameter object.

FYI, you use StringBuilder when you concatenate strings over several statements.
string = "One"
string = string + " Two"
string = string + " Three"

If you just build up the string in one statement, you can use +
string = "One" + " Two" + " Three"

>Hi everybody,
>
>I am just wondering what is the best way to pass query string to SqlCommand.ExecuteQuery.
>
>I would have used @ to construct it, but @is used for parameter. So, do I constuct it as several parts concatenated with + or do I need to do it through StringBuilder?
>
>Thanks in advance.

Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer

Répondre

Fil

Voir

Click here to load this message in the networking platform