How to pass long query string

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

How to pass long query string

Message

From

21/01/2013 17:22:15

Craig Berntson
Quicken Loans
Salt Lake City, Utah, United States

21/01/2013 14:52:57

Naomi Nosonovsky
Wisconsin, United States

General information

Forum:

ASP.NET

Category:

Coding, syntax and commands

Title:

Re: How to pass long query string

Environment versions

Environment:

C# 4.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Miscellaneous

Thread ID:

01563515

Message ID:

01563552

Views:

This message has been marked as a message which has helped to the initial question of the thread.

Not a good idea. It can allow SQL Injection to get in. Better to add each parameter into a Parameter object.

FYI, you use StringBuilder when you concatenate strings over several statements.
string = "One"
string = string + " Two"
string = string + " Three"

If you just build up the string in one statement, you can use +
string = "One" + " Two" + " Three"

>Hi everybody,
>
>I am just wondering what is the best way to pass query string to SqlCommand.ExecuteQuery.
>
>I would have used @ to construct it, but @is used for parameter. So, do I constuct it as several parts concatenated with + or do I need to do it through StringBuilder?
>
>Thanks in advance.

Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer

Map

View

Click here to load this message in the networking platform