-2

I have a string that I want to insert into a column of a table using a sql command. If I have

string someText = "onetwothreetest"; // C# string literals use double quotes; 'x' is a char
clsDB.ExecuteSQL("INSERT INTO tbl_SOMETABLE (SOMECOLUMN) VALUES (????)"); // ???? = where someText should go

How would I put the string, someText, into the ???? without it giving me an error.

Clemens
TeddyBear

2 Answers

0

Please refer to this post Parameterize SQL query

You need to create a Command object, specify the SQL, and add the parameters.

// requires: using System.Data; using System.Data.SqlClient;
using (SqlConnection connection = new SqlConnection(connectionString))
using (SqlCommand command = connection.CreateCommand())
{
    // The SQL text only contains placeholders (@first, ...); the values are sent
    // to the server separately as parameters, never spliced into the statement.
    command.CommandText = "INSERT INTO Contacts ([First], [Last], [Address], [City], [State], [ZIP]) VALUES (@first, @last, @address, @city, @state, @zip)";

    command.Parameters.AddWithValue("@first", first);
    // or, with an explicit SqlDbType instead of letting AddWithValue infer it:
    // command.Parameters.Add("@first", SqlDbType.Type).Value = first;
    // ... repeat for @last, @address, @city, @state, @zip

    connection.Open();
    command.ExecuteNonQuery();
}
ullfindsmit
  • You should check out [Can we stop using AddWithValue() already?](http://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/) and stop using `.AddWithValue()` - it can lead to unexpected and surprising results... – marc_s Sep 25 '20 at 04:00
  • ::thumbsup:: thanks – ullfindsmit Sep 25 '20 at 14:26
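As an added example (not code from the question or from either answer), here is the asker's INSERT written with an explicitly typed parameter rather than `.AddWithValue()`, which is the point marc_s raises above. It assumes SOMECOLUMN is NVARCHAR(100) and that the caller supplies the connection string; `SomeTableRepository` and `InsertSomeText` are names chosen for this example.

```csharp
// Added example, not from the question or answers. Assumes tbl_SOMETABLE has a
// column SOMECOLUMN NVARCHAR(100); the caller passes the connection string.
using System;
using System.Data;
using System.Data.SqlClient;

public static class SomeTableRepository
{
    // Fixed size so every call declares the same parameter type (NVARCHAR(100)):
    // one cached plan on the server, and no implicit conversion on the column,
    // which is what AddWithValue()'s type inference can otherwise cause.
    private const int SomeColumnSize = 100;

    // Returns the number of rows inserted (1 on success).
    public static int InsertSomeText(string connectionString, string someText)
    {
        if (connectionString == null) throw new ArgumentNullException(nameof(connectionString));

        using (var connection = new SqlConnection(connectionString))
        using (var command = connection.CreateCommand())
        {
            // The statement text never contains the value, only the placeholder,
            // so a value such as  O'Brien  is stored verbatim instead of the quote
            // being parsed as part of the SQL.
            command.CommandText =
                "INSERT INTO tbl_SOMETABLE (SOMECOLUMN) VALUES (@someText)";

            SqlParameter p = command.Parameters.Add("@someText", SqlDbType.NVarChar, SomeColumnSize);
            // A parameter whose Value is null is treated as "not supplied" and the
            // command fails; map a null string to DBNull.Value explicitly.
            p.Value = (object)someText ?? DBNull.Value;

            connection.Open();
            return command.ExecuteNonQuery();
        }
    }
}
```

Call it as `SomeTableRepository.InsertSomeText(connectionString, "onetwothreetest")`; a string longer than 100 characters is truncated to the declared size, so validate length before the call if that matters.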
-1

You can simply do this:

 string someText = "onetwothreetest"; // C# string literals use double quotes
 // String interpolation pastes the value into the SQL text itself rather than
 // sending it as a parameter, so whatever someText contains becomes part of the statement.
 clsDB.ExecuteSQL($"INSERT INTO tbl_SOMETABLE (SOMECOLUMN) VALUES ({someText})");
Gauravsa