Parameterising this sql?

void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }

void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }

C#•3y ago•

30 replies

Aria🎶

Parameterising this sql?

void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }

void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }

Parameterising this sql?

Similar Threads

Parameterising this sql?

Similar Threads

Similar Threads

Similar Threads