Use a string from app settings in a SQL query

StackOverflow https://stackoverflow.com/questions/22768510

Frage

Objective: use a string from app settings within a query

Code: 

private SqlConnection sqlconn = new SqlConnection();
private String[] strSomeValue = ConfigurationManager.AppSettings["SomeValue"].ToString().Split(';');

String strSQL = Type.SelectedValue;
SqlCommand cmd = SqlConnection.CreateCommand();

if (strSQL == "SomeValue")
 {
    cmd.CommandText = @"SELECT Value 
                        FROM Types
                        WHERE "Some Value"
  }

The idea is to have the Some Value portion of the query be filled with the string from app settings. Thank you in advance for any references, comments and suggestions

War es hilfreich?

Lösung

Use a parameterized query:

const string query =
      "SELECT Value"
    + "FROM Types"
    + "WHERE Value = @SomeValue";

using(var command = connection.CreateCommand())
{
    command.CommandText = query;
    command.Parameters.AddWithValue("@SomeValue", strSomeValue[0]);
    // TODO: open connection, execute command, get result
}
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top