Hi. I've been using straight queries, which had an SQL injection problem, so I shifted over to parametrized ones, which I learned in the same forum here.
Now I want to use the queries at module level, but I'm totally unfamiliar with how to use parametrized queries at module level. I'm using the following code.
This is my module code, for the insert query:
Code:
#Region "Insertion"
    ' The values arrive already concatenated into the Parameters string, so they
    ' are spliced straight into the SQL text instead of being bound as parameters.
    Public Sub Insertion(ByVal tblName As String, ByVal columns As String, ByVal Parameters As String)
        Try
            cmdsql1.CommandText = "insert into " & tblName & " ( " & columns & ") values ( " & Parameters & ")"
            cmdsql1.Connection = Conn()
            cmdsql1.ExecuteNonQuery()
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub
#End Region
and this is my form button code:
Code:
Try
    Insertion("ProductBasicInfo", "ProdId, ProdName, Description, Manufacturer", _
              " " & txtProdID.Text.Trim & ", '" & txtProdName.Text.Trim & "', '" & txtProdDesc.Text.Trim & "', '" & txtProdManuf.Text.Trim & "'")
    MessageBox.Show("Record Inserted Successfully")
Catch ex As Exception
    MessageBox.Show(ex.Message)
End Try
My question is: how do I shift again from this query to a parametrized one? Normally I'm doing all my work so far with parametrized queries. But this is my first attempt at working at module level, so I don't know how to apply parametrized queries at module level. Please guide me.




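One way to move the module-level Insertion routine to a parametrized query, as an added example that is not the poster's code: the module accepts the column values as a Dictionary and binds each one as a command parameter (@p0, @p1, ...), so the text-box contents never become part of the SQL text. Table and column names cannot be bound as parameters, so the example checks them against a strict identifier pattern before splicing them in. It assumes SQL Server through System.Data.SqlClient, a placeholder connection string (ConnString), and the ProductBasicInfo table and column names from the post; DataAccess, SafeIdentifier and InsertProduct are names chosen for the example.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

' Added example, not the original poster's code. Assumes SQL Server through
' System.Data.SqlClient; ConnString is a placeholder to replace.
Module DataAccess

    Private Const ConnString As String = _
        "Server=.\SQLEXPRESS;Database=Inventory;Integrated Security=True"

    ' Table and column names cannot be bound as parameters, so they are checked
    ' against a strict identifier pattern and bracket-quoted before being
    ' spliced into the statement text. Only the values are parameterized.
    Private ReadOnly IdentifierPattern As New Regex("^[A-Za-z_][A-Za-z0-9_]*$")

    Private Function SafeIdentifier(ByVal name As String) As String
        If name Is Nothing OrElse Not IdentifierPattern.IsMatch(name) Then
            Throw New ArgumentException("Invalid SQL identifier: " & name)
        End If
        Return "[" & name & "]"
    End Function

    ' Module-level insert: one parameter (@p0, @p1, ...) per column value.
    ' Returns the number of rows affected; exceptions propagate to the caller,
    ' which decides how to report them (the form shows a MessageBox).
    Public Function Insertion(ByVal tblName As String, _
                              ByVal values As Dictionary(Of String, Object)) As Integer
        If values Is Nothing OrElse values.Count = 0 Then
            Throw New ArgumentException("No column values supplied")
        End If

        Dim columnNames As New List(Of String)
        Dim placeholders As New List(Of String)
        Dim parameters As New List(Of SqlParameter)
        Dim i As Integer = 0
        For Each kv As KeyValuePair(Of String, Object) In values
            columnNames.Add(SafeIdentifier(kv.Key))
            placeholders.Add("@p" & i)
            ' Nothing is sent as SQL NULL rather than as an empty string.
            Dim value As Object = kv.Value
            If value Is Nothing Then value = DBNull.Value
            parameters.Add(New SqlParameter("@p" & i, value))
            i += 1
        Next

        Dim sql As String = "INSERT INTO " & SafeIdentifier(tblName) & _
                            " (" & String.Join(", ", columnNames.ToArray()) & ")" & _
                            " VALUES (" & String.Join(", ", placeholders.ToArray()) & ")"

        Using conn As New SqlConnection(ConnString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.AddRange(parameters.ToArray())
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' Typed wrapper the form's button handler can call with the trimmed
    ' text-box values. CInt fails on a non-numeric ProdId before anything
    ' reaches the database, instead of letting the text into the SQL.
    Public Function InsertProduct(ByVal prodId As String, ByVal prodName As String, _
                                  ByVal description As String, ByVal manufacturer As String) As Integer
        Dim row As New Dictionary(Of String, Object)
        row.Add("ProdId", CInt(prodId))
        row.Add("ProdName", prodName)
        row.Add("Description", description)
        row.Add("Manufacturer", manufacturer)
        Return Insertion("ProductBasicInfo", row)
    End Function

End Module
```

The button handler then becomes `InsertProduct(txtProdID.Text.Trim, txtProdName.Text.Trim, txtProdDesc.Text.Trim, txtProdManuf.Text.Trim)` inside the same Try/Catch as before, with no quoting or concatenation of the values. If the set of tables the module writes to is fixed, replacing the regex in SafeIdentifier with an explicit list of allowed table and column names is stricter still, since the identifier check is the one part of the statement that parameters cannot protect.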