Possible Duplicate:
Pros and Cons of using SqlCommand Prepare in C#?
Here is an example. This seems to work fine but I just stumbled upon Prepare() and I'm wondering if I should be using it.
con.Open();
cmd.Connection = con;
cmd.CommandText = "INSERT INTO tbl ([val], [desc]) OUTPUT INSERTED.tbl_id VALUES (@val, @desc); ";
cmd.Parameters.AddWithValue("@val", AccountSession.Current.UserId);
cmd.Parameters.AddWithValue("@desc", Desc);
retVal.id = cmd.ExecuteScalar().ToString();