ok...so do
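// Concatenated form, shown for comparison with the parameterized version below.
// The value becomes part of the SQL text, so if myselection can be influenced by
// a user, a quote character in it changes the statement (SQL injection).
// C# joins strings with +, not the VB-style & operator, and the statement needs
// its own terminating semicolon.
string SQL = "SELECT * FROM table WHERE fielda='" + myselection + "';";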
or
// Parameterized form: the SQL text is fixed and @fielda is sent separately,
// so the value is never parsed as part of the statement.
SqlCommand nonqueryCommand = thisConnection.CreateCommand();
nonqueryCommand.CommandText = "SELECT * FROM table WHERE fielda=@fielda;";
// Declares @fielda as VarChar(30); no value is assigned on this line.
nonqueryCommand.Parameters.Add("@fielda", SqlDbType.VarChar, 30);
[Updated: sorry, I missed a parameter in the Add. It should read
// Add(...) returns the new parameter, so its Value can be set in the same statement.
// Int and 123 are a sample here; the earlier Add declared VarChar(30), so use the
// SqlDbType that matches the column.
nonqueryCommand.Parameters.Add("@fielda",SqlDbType.Int).Value = 123;
And what's with the downvoting?]