1
Answer

SqlParameter

samir samir

samir samir

16y
2.9k
1

Hi,  i have code right now with string concatenation like :

sSQL = "select * from table where a=b";

if (current.Request["ct"] != null && current.Request[ct] != "")

{

  sSQL += " AND ct = '" + current.Request[ct] + "' ";

}

 

if (current.Request["dt"] != null && current.Request[dt] != "")

{

  sSQL += " AND dt = '" + current.Request[dt] + "' ";

}

and few more (if statements) like these.......

 

Now i want to use sqlparameters instead for efficiency.

Problem is how can i do that? Do i have to write those if's to concatenate sSQL and then assign it to command object and then write if's again for adding parameters? i am sure there is an efficient way to do this.

 

thanks

-Samir

Answers (1)