Use a string from app settings in a SQL query

Question

Objective: use a string from app settings within a query

Code:

private SqlConnection sqlconn = new SqlConnection();
private String[] strSomeValue = ConfigurationManager.AppSettings["SomeValue"].ToString().Split(';');

String strSQL = Type.SelectedValue;
SqlCommand cmd = SqlConnection.CreateCommand();

if (strSQL == "SomeValue")
 {
    cmd.CommandText = @"SELECT Value 
                        FROM Types
                        WHERE "Some Value"
  }

The idea is to have the Some Value portion of the query be filled with the string from app settings. Thank you in advance for any references, comments and suggestions

Answer 1

Use a parameterized query:

const string query =
      "SELECT Value"
    + "FROM Types"
    + "WHERE Value = @SomeValue";

using(var command = connection.CreateCommand())
{
    command.CommandText = query;
    command.Parameters.AddWithValue("@SomeValue", strSomeValue[0]);
    // TODO: open connection, execute command, get result
}