I want to integrate Textbox in my query. After hours of searching the internet, I came across the following code. Is there any better solution?

Question

'code

Dim conn as SqlConnection = new SqlConnection("SERVER=LOGIC\SERVERDB;DATABASE=sample;User=sa;Pwd=codename")
conn.Open()


Dim userId as String = txtUserId.Text
Dim sql as String = "SELECT name, password FROM users WHERE id=@userid"

Dim cmd as SqlCommand = new SqlCommand()
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommendText = sql
cmd.Parameters.AddWithValue("userid", userId);

Dim dr as SqlDataReader = cmd.ExecuteReader()

Answer 1

Just a minor changes if your're happy to adopt:

SqlConnection implements IDisposable. Try wrap it with a Using block, and here is why.

Not sure if you use your name and password somewhere later. If its not used in the later part, why not just send in as param and SELECT Count, then ExecuteScalar?

If userId is used only once, I would reduce a line of code without declaring the variable

Using conn As New SqlConnection("SERVER=LOGIC\SERVERDB;DATABASE=sample;User=sa;Pwd=codename")
    conn.Open()

    Dim sql As String = "SELECT name, password FROM users WHERE id=@userid"

    Dim cmd As New SqlCommand
    cmd.Connection = conn
    cmd.CommandType = CommandType.Text
    cmd.CommandText = sql

    cmd.Parameters.AddWithValue("@userid", txtUserId.Text)

    Dim dr As SqlDataReader = cmd.ExecuteReader()            
End Using