Originally posted by stateofidleness:
Was scolded.. err, I mean "taught" very early on this forum to use parameters and it actually is much nicer to code:

vb Code:
    ' Needs Imports System.Data and System.Data.SqlClient; con is the SqlConnection.
    Dim cmd As New SqlCommand("SELECT FirstName, LastName FROM Employee WHERE FirstName = @fn", con)
    cmd.Parameters.Add(New SqlParameter("@fn", SqlDbType.VarChar, 10)).Value = "Joe"

It allows for better dynamics and less margin for error. As for the SELECT part (the table names) I usually use variable names that hold the table names. It lets me/the user define them much easier than a hard-coded value.
This question isn't about the values though; it's about the identifiers, i.e. the table and column names rather than the field values.
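
An added example, not part of the original thread: SQL parameters bind values only, so table and column names held in variables have to be checked against a known list and quoted before they are concatenated into the command text. The module name, `AllowedColumns`, `QuoteIdent` and `BuildSelect` are hypothetical; the Employee table and its columns are taken from the quoted snippet.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Linq

Module IdentifierAllowlistExample
    ' Constructed allowlist: the only tables and columns a caller may name.
    Private ReadOnly AllowedColumns As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"Employee", New String() {"FirstName", "LastName"}}
    }

    ' Bracket-quote an identifier, doubling any "]" (the rule T-SQL QUOTENAME applies).
    Private Function QuoteIdent(name As String) As String
        Return "[" & name.Replace("]", "]]") & "]"
    End Function

    ' Identifiers are validated and quoted; the filter value still travels as a parameter.
    Function BuildSelect(con As SqlConnection, table As String,
                         columns As IEnumerable(Of String),
                         filterColumn As String, filterValue As String) As SqlCommand
        Dim known As String() = Nothing
        If Not AllowedColumns.TryGetValue(table, known) Then
            Throw New ArgumentException("Unknown table: " & table)
        End If
        For Each c In columns.Concat(New String() {filterColumn})
            If Not known.Contains(c, StringComparer.OrdinalIgnoreCase) Then
                Throw New ArgumentException("Unknown column: " & c)
            End If
        Next

        Dim sql As String =
            "SELECT " & String.Join(", ", columns.Select(Function(c) QuoteIdent(c))) &
            " FROM " & QuoteIdent(table) &
            " WHERE " & QuoteIdent(filterColumn) & " = @val"
        Dim cmd As New SqlCommand(sql, con)
        cmd.Parameters.Add(New SqlParameter("@val", SqlDbType.VarChar, 10)).Value = filterValue
        Return cmd
    End Function

    Sub Main()
        ' No connection is opened here; only the generated command text is shown.
        Dim cmd = BuildSelect(Nothing, "Employee",
                              New String() {"FirstName", "LastName"}, "FirstName", "Joe")
        Console.WriteLine(cmd.CommandText)
    End Sub
End Module
```

A table or column name that is not in the allowlist raises `ArgumentException` before any SQL text is built, so user-supplied identifiers never reach the command string unchecked.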