Instead of passing the SQL string to the adapter, create a SqlCommand, define the SqlParameters and use that command for your adapter. When doing this you also have to create the SqlConnection.
So something like:
' Requires: Imports System.Data.SqlClient
Dim databaseConnection As New SqlConnection
Dim queryCommand As New SqlCommand
databaseConnection.ConnectionString = conStr
databaseConnection.Open()
' Placeholders (@NM, @RN) keep the values out of the SQL text
queryCommand.CommandText = "SELECT * FROM tblTest where Name=@NM and Rank=@RN"
queryCommand.Parameters.AddWithValue("@NM", someNMvariable)
queryCommand.Parameters.AddWithValue("@RN", someRNvariable)
queryCommand.Connection = databaseConnection
' The adapter runs the parameterized command instead of a raw SQL string
Dim dAdt As New SqlDataAdapter(queryCommand)
...
databaseConnection.Close()
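
A variant of the same approach with explicitly typed parameters and `Using` blocks, as an added example that is not part of the original answer. The helper name `LoadTestRows`, the column types (`NVarChar(50)`, `Int`) and the connection string are assumptions; adjust them to the real schema and server.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedAdapterExample

    ' Hypothetical helper: returns the rows of tblTest matching name and rank.
    ' Column types (NVarChar(50), Int) are assumptions; match them to the real schema.
    Function LoadTestRows(conStr As String, name As String, rank As Integer) As DataTable
        Dim result As New DataTable()

        ' Using disposes connection, command and adapter even if an exception is thrown.
        Using databaseConnection As New SqlConnection(conStr)
            Using queryCommand As New SqlCommand(
                    "SELECT * FROM tblTest WHERE Name = @NM AND Rank = @RN",
                    databaseConnection)

                ' Explicit type and size: the value travels as data, never spliced
                ' into the SQL text, and the server sees a stable parameter type.
                queryCommand.Parameters.Add("@NM", SqlDbType.NVarChar, 50).Value = name
                queryCommand.Parameters.Add("@RN", SqlDbType.Int).Value = rank

                Using dAdt As New SqlDataAdapter(queryCommand)
                    ' Fill opens the connection if it is closed and closes it again afterwards.
                    dAdt.Fill(result)
                End Using
            End Using
        End Using

        Return result
    End Function

    Sub Main()
        ' Placeholder connection string and constructed sample values.
        ' The apostrophe in the name needs no escaping because it is bound as a parameter.
        Dim conStr As String = "Server=localhost;Database=TestDb;Integrated Security=True"
        Dim rows As DataTable = LoadTestRows(conStr, "O'Brien", 3)
        Console.WriteLine("{0} row(s) returned", rows.Rows.Count)
    End Sub

End Module
```

Declaring the type and size avoids the type inference that `AddWithValue` performs on each call, which can otherwise lead to implicit conversions on the server.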