Use of prepared statement for displaying data in gridview

1 solution

Prepared statements are Java's method for writing parametrized SQL, right? In .NET, they are called parameterized queries. You write it like

string query = "SELECT * FROM SomeTable WHERE SomeId = @id";
......
// the value is bound as a parameter, never concatenated into the SQL text
yourCommand.Parameters.AddWithValue("@id", someid);

For more information, read SQL Injection Attacks and Some Tips on How to Prevent Them


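As an added example (not part of the answer above, and not code from the original page), here is a complete ASP.NET Web Forms code-behind that binds a GridView using the parameterized approach the answer describes, with the string-concatenation version shown commented out for contrast. The connection-string name "AppDb", the table "SomeTable", its columns "SomeId", "Name" and "CreatedOn", the GridView control "gvResults" and the query-string parameter "id" are all assumed names for illustration.

```csharp
// Added example: binding an ASP.NET GridView with a parameterized query.
// Assumed names (not from the original page): connection string "AppDb",
// table "SomeTable" with columns SomeId/Name/CreatedOn, a GridView named
// "gvResults" declared in the designer file, and a query-string parameter "id".
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class ShowRecords : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;

        // Validate the input before it gets anywhere near SQL: only an integer is acceptable.
        int id;
        if (!int.TryParse(Request.QueryString["id"], out id))
        {
            gvResults.Visible = false;
            return;
        }

        // UNSAFE (what the question is trying to avoid): user input pasted into the SQL text.
        // string unsafeSql = "SELECT * FROM SomeTable WHERE SomeId = " + Request.QueryString["id"];
        // A request with id=1 OR 1=1 would return every row; worse payloads can read other tables.

        // SAFE: the SQL text is constant; @id travels to the server as a typed parameter value.
        const string sql = "SELECT SomeId, Name, CreatedOn FROM SomeTable WHERE SomeId = @id";
        string connStr = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declare the type explicitly. AddWithValue would infer the type from the C# value,
            // which for strings yields nvarchar and can cause implicit conversions on varchar columns.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;

            conn.Open();
            // Prepare() asks SQL Server to compile the statement once; the same command can then
            // be re-executed with different @id values. It requires the connection to be open.
            cmd.Prepare();

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(table);
            }

            gvResults.DataSource = table;
            gvResults.DataBind();
        }
    }
}
```

The security property comes from the parameter, not from Prepare(): even without the Prepare() call, the value bound to @id is sent separately from the query text and cannot change the statement's structure. Prepare() is an optional performance step, and it only works when every parameter has a fixed type (and a size, for variable-length types such as varchar).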

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900