Use a string from app settings in a SQL query

StackOverflow https://stackoverflow.com/questions/22768510

Question

Objective: use a string from app settings within a query

Code: 

private SqlConnection sqlconn = new SqlConnection();
private String[] strSomeValue = ConfigurationManager.AppSettings["SomeValue"].ToString().Split(';');

String strSQL = Type.SelectedValue;
SqlCommand cmd = SqlConnection.CreateCommand();

if (strSQL == "SomeValue")
 {
    cmd.CommandText = @"SELECT Value 
                        FROM Types
                        WHERE "Some Value"
  }

The idea is to have the Some Value portion of the query be filled with the string from app settings. Thank you in advance for any references, comments and suggestions

Was it helpful?

Solution

Use a parameterized query:

const string query =
      "SELECT Value"
    + "FROM Types"
    + "WHERE Value = @SomeValue";

using(var command = connection.CreateCommand())
{
    command.CommandText = query;
    command.Parameters.AddWithValue("@SomeValue", strSomeValue[0]);
    // TODO: open connection, execute command, get result
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top