Can you pass more than 1 parameter in a single SQL statement through a VB command?

Question

Just wondering can you pass 2 parameters ( @Insertparanamehere ) in 1 sql command via VB? I have some code below ( sample code ) and I am just wondering is this possible.

Command = New SqlCommand("Update Boards Set CDF_Supplier_Tx='" + SupplierNameTxt.Text + "'  Where CDF_Supplier_tx IN ( Select Supplier From Suppliers Where Supplier = '" + SupplierNameTxt.Text + "')", connection)

Where it says '" + SupplierNameTxt.Text + "' could this be potentially replaced with @Insertnameparaname from here?

If this is unclear as to which I will try to explain this a little more so my code would end up with 2x@ instead of the long supplierNameTxt.Text?

This is just a question , thank you in advance.

I'd be careful if I were you, you are very vulnerable on SQL injections attacks with such a design. — Crono, Feb 18 '14 at 17:09

score 5 · Accepted Answer · edited May 23 '17 at 12:10

5

MyCommand = New SqlCommand("UPDATE SeansMessage SET Message1 = @TicBoxText1, Message2 = @TicBoxText2 WHERE Number = 1", dbConn) MyCommand.Parameters.AddWithValue("@TicBoxText1", TicBoxText1.Text) MyCommand.Parameters.AddWithValue("@TicBoxText2", TicBoxText2.Text)

See here:

How to use parameters "@" in an SQL command in VB

You can also use the same parameter multiple times in your SQL text.

edited May 23 '17 at 12:10

Community

1
1

answered Feb 18 '14 at 17:06

Jon Barker

1,788
15
25

Why thank you , this help me answer my question at hand! Voted Answer. – Kallumasaurus Feb 19 '14 at 08:24
No worries. I'd recommend however you consider using entity framework, as opposed to directly using SQL unless you have certain specific requirements – Jon Barker Feb 19 '14 at 17:16

Can you pass more than 1 parameter in a single SQL statement through a VB command?

1 Answers1