If you're using Visual Studio 2015 or higher, and targeting .NET 4.6 or later, something like this will work:
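''' <summary>
''' Builds a parameterized command from an interpolated string. Each interpolation
''' hole becomes a provider parameter named @p0, @p1, ... and only those names are
''' written into the command text, so the values never become part of the SQL.
''' </summary>
''' <param name="connection">Connection used to create the command; it is not opened here.</param>
''' <param name="commandText">
''' Interpolated SQL text. Only the values placed in interpolation holes are
''' parameterized; text concatenated into the literal part is sent as SQL verbatim.
''' </param>
''' <param name="commandType">How the provider should interpret the command text.</param>
''' <returns>A command the caller owns and must dispose.</returns>
''' <exception cref="ArgumentNullException">connection or commandText is Nothing.</exception>
Public Shared Function CreateCommand(ByVal connection As IDbConnection, ByVal commandText As FormattableString, Optional ByVal commandType As CommandType = CommandType.Text) As IDbCommand
    If connection Is Nothing Then Throw New ArgumentNullException(NameOf(connection))
    If commandText Is Nothing Then Throw New ArgumentNullException(NameOf(commandText))

    Dim arguments As Object() = commandText.GetArguments()
    Dim parameterNames(arguments.Length - 1) As Object
    Dim result As IDbCommand = connection.CreateCommand()
    Try
        For index As Integer = 0 To arguments.Length - 1
            Dim parameterName As String = "@p" & index
            parameterNames(index) = parameterName

            Dim p As IDbDataParameter = result.CreateParameter()
            p.ParameterName = parameterName
            ' ADO.NET represents SQL NULL as DBNull.Value; a bare Nothing is not a database null.
            p.Value = If(arguments(index), DBNull.Value)
            result.Parameters.Add(p)
        Next

        ' Re-run the original format with the parameter NAMES in place of the values.
        result.CommandText = String.Format(commandText.Format, parameterNames)
        result.CommandType = commandType
    Catch
        ' Do not leak the half-built command if the provider or the format string throws.
        result.Dispose()
        Throw
    End Try

    Return result
End Function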
''' <summary>
''' Opens a connection, runs the interpolated statement as a parameterized
''' non-query command, and disposes both the command and the connection.
''' </summary>
''' <param name="commandText">Interpolated SQL text; its holes are sent as parameters by CreateCommand.</param>
''' <param name="commandType">How the provider should interpret the command text.</param>
Public Sub MyNonQuery(ByVal commandText As FormattableString, Optional ByVal commandType As CommandType = CommandType.Text)
    ' NOTE(review): this connects as root with an empty password and keeps the
    ' connection string in source. Outside a local demo, use a least-privileged
    ' account and load the connection string from protected configuration.
    Const connectionString As String = "server=localhost;userid=root;password=;database=boyscout_pos"

    ' Resources are disposed in reverse order: the command first, then the connection.
    Using connection As New MySqlConnection(connectionString), command As IDbCommand = CreateCommand(connection, commandText, commandType)
        connection.Open()
        command.ExecuteNonQuery()
    End Using
End Sub
...
' The literal must stay a single interpolated string typed as FormattableString.
' Joining pieces with & produces a plain String, which no longer carries the
' values separately from the SQL text.
' NOTE(review): every value is sent as the TextBox's String; parse and validate
' the price and quantity fields before this call if typed parameters are wanted.
Dim insertProduct As FormattableString = $"insert into boyscout_pos.tblproducts (Purchase_Invoice, Product_Code, Product_Name, Category, Size, Product_Price, Selling_Price, Qty_Stock) values ({txtpurchaseinvoice.Text}, {txtproductcode.Text}, {txtproductname.Text}, {txtproductcategory.Text}, {TextBoxSize.Text}, {txtproductprice.Text}, {txtsellingprice.Text}, {txtproductquantity.Text})"
MyNonQuery(insertProduct)
This uses string interpolation to pass the command text and parameters as one object. Because the method receives it as a FormattableString, it is able to extract the parameter values and pass them properly, rather than concatenating them into the command text.
(NB: I didn't invent this idea - I saw it in an article, which I think was somewhere on CodeProject. Unfortunately, I didn't keep the link, and I can't find it now. If the author spots this and wants me to add a link, let me know.)