This repository has been archived by the owner on Dec 1, 2018. It is now read-only.

Command text & Parameters

Aleksey Nemiro edited this page Apr 5, 2014 · 2 revisions

The CommandText property of the SqlClient class specifies the text of the query or the name of a stored procedure.

The Parameters property allows you to pass additional parameters to a query. Always pass parameters to a query through this property instead of concatenating values into the query text. This helps to avoid SQL injection.

C#

using (SqlClient client = new SqlClient())
{
  // SQL query or stored procedure name
  client.CommandText = "MyStoredProcedure";
  // parameters (if necessary)
  client.Parameters.Add("@par1", SqlDbType.Int).Value = 123;
  client.Parameters.Add("@par2", SqlDbType.NVarChar, 50).Value = "hello, world!";
  // ...
  // query execution
  // ...
}

Visual Basic .NET

Using client As New SqlClient()
  ' SQL query or stored procedure name
  client.CommandText = "MyStoredProcedure"
  ' parameters (if necessary)
  client.Parameters.Add("@par1", SqlDbType.Int).Value = 123
  client.Parameters.Add("@par2", SqlDbType.NVarChar, 50).Value = "hello, world!"
  ' ...
  ' query execution
  ' ...
End Using
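
What passing values through Parameters changes, shown as an added example that is not part of the original wiki or the library's own code. It uses ADO.NET's System.Data.SqlClient.SqlCommand directly (an assumption, standing in for the wrapper, whose execution methods this page does not show), a hypothetical users table, and constructed inputs; the commands are only built and printed, so no database connection is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // ADO.NET provider, used here in place of the wiki's SqlClient wrapper

static class ParameterDemo
{
  // Unsafe: the input is spliced into the SQL text, so the server parses it as SQL.
  static SqlCommand BuildConcatenated(string userName)
  {
    return new SqlCommand("SELECT id FROM users WHERE name = '" + userName + "'");
  }

  // Safe: the SQL text is a constant; the input travels separately as a typed value.
  static SqlCommand BuildParameterized(string userName)
  {
    var cmd = new SqlCommand("SELECT id FROM users WHERE name = @name");
    cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName;
    return cmd;
  }

  // Print the command text and every parameter attached to the command.
  static void Dump(string label, SqlCommand cmd)
  {
    Console.WriteLine("{0}\n  text: {1}", label, cmd.CommandText);
    foreach (SqlParameter p in cmd.Parameters)
      Console.WriteLine("  {0} ({1}, size {2}) = {3}", p.ParameterName, p.SqlDbType, p.Size, p.Value);
  }

  static void Main()
  {
    // Constructed sample inputs: a plain name, a name with a quote, and a quote-based condition.
    foreach (string input in new[] { "alice", "O'Brien", "x' OR '1'='1" })
    {
      using (SqlCommand bad = BuildConcatenated(input))
      using (SqlCommand good = BuildParameterized(input))
      {
        Dump("concatenated", bad);
        Dump("parameterized", good);
      }
    }
  }
}
```

In the concatenated commands the quote character changes the structure of the statement itself, while the parameterized command text is identical for every input and only the parameter value differs.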