If you are using C#, then the code is going to be pretty much the same: just use a parametrized query.
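// Parameterized lookup by ID: the value is bound as a parameter and never spliced into the SQL text.
using (SqlConnection con = new SqlConnection(strConnect))
{
    con.Open();
    using (SqlCommand com = new SqlCommand("SELECT iD, description FROM myTable WHERE Id=@ID", con))
    {
        // AddWithValue infers the parameter's SqlDbType from the .NET type of `id`; if the column's
        // type differs, Parameters.Add with an explicit SqlDbType avoids an implicit conversion.
        com.Parameters.AddWithValue("@ID", id);
        using (SqlDataReader reader = com.ExecuteReader())
        {
            while (reader.Read())
            {
                // Named `rowId` rather than `id`: a local called `id` here would shadow the outer
                // `id` already used for the parameter, which the C# compiler rejects.
                int rowId = (int) reader["iD"];
                string desc = (string) reader["description"];
                Console.WriteLine("ID: {0}\n {1}", rowId, desc);
            }
        }
    }
}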
Or:
// Parameterized search bound to a grid: the text box value is passed as a parameter, not concatenated.
using (SqlConnection connection = new SqlConnection(strConnect))
{
    connection.Open();

    // Table is created up front; the adapter fills it below.
    DataTable results = new DataTable();

    using (SqlDataAdapter adapter = new SqlDataAdapter("SELECT MyColumn1, MyColumn2 FROM myTable WHERE mySearchColumn = @SEARCH", connection))
    {
        // AddWithValue infers the SqlDbType from the .NET string; an explicit SqlDbType on
        // Parameters.Add would pin the type if the column is not an nvarchar.
        adapter.SelectCommand.Parameters.AddWithValue("@SEARCH", myTextBox.Text);
        adapter.Fill(results);
        myDataGridView.DataSource = results;
    }
}
Or is there something more specific you are trying to do that is failing?