Was scolded.. err, I mean "taught" very early on this forum to use parameters and it actually is much nicer to code:
vb Code:
Dim cmd As New SqlCommand("SELECT FirstName, LastName FROM Employee WHERE FirstName = @fn", con) cmd.Parameters.Add(New SqlParameter("@fn", SqlDbType.VarChar, 10)).Value = "Joe"
It allows for better dynamics and less margin for error. As for the SELECT part (the table names) I usually use variable names that hold the table names. It lets me/the user define them much easier than a hard-coded value.






Reply With Quote