ansaurus

Question

Answer 1

+8 A:

using (var conn = new SqlConnection(yourConnectionString))
{
    var cmd = new SqlCommand("insert into Foo values (@bar)", conn);
    cmd.Parameters.AddWithValue("@bar", 17);
    conn.Open();
    cmd.ExecuteNonQuery();
}

Matt Hamilton 2008-08-28 10:48:25

Spot on! Using a parameter not only will protect you from SQL injection attacks (depending on .net parameter type of course), but it will also allow SQL Server to cache the compiled query, and just substitute the parameter next time this code is called.

MPritch 2009-08-08 10:12:31

Suggest changing to:using (var conn = new SqlConnection(yourConnectionString))using (var cmd = new SqlCommand("insert into Foo values (@bar)", conn)){ cmd.Parameters.AddWithValue("@bar", 17); conn.Open(); cmd.ExecuteNonQuery();}

MPritch 2009-08-08 10:14:53

(Moving an old answer to here as a comment) I left the using off the SqlCommand deliberately as the OP was looking for the "simplest" code to achieve the insert (although I kept it on the connection 'coz that's more important). I agree that it's good practice.

Matt Hamilton 2009-08-08 13:09:17

Answer 2

A:

using (SqlConnection myConnection new SqlConnection("Your connection string")) 
{ 
    SqlCommand myCommand = new SqlCommand("INSERT INTO ... VALUES ...", myConnection); 
    myConnection.Open(); 
    myCommand.ExecuteNonQuery(); 
}

aku 2008-08-28 10:50:37

-1. This approach would encourage building up a SQL string by hand and not using parameterised SQL. Sorry

MPritch 2009-08-08 10:14:11

Answer 3

+1 A:

@Matt and @aku, it's also good practice to wrap the SqlCommand in a using statement.

Eric Z Beard 2008-08-28 11:36:15

Could you clarify this in more detail or provide a link? I understand the concept behind this approach but am wondering how far the benefits go.

steve 2009-06-26 12:03:47

It's recommended to put a using statement around any disposable object, so you get the try-finally-dispose logic guaranteed without any chance of messing it up and not releasing resources.

Eric Z Beard 2009-06-26 12:45:59

Answer 4

A:

Since you seem to be just getting started with this now is the best time to familiarize yourself with the concept of a Data Access Layer (obligatory wikipedia link). It will be very helpful for you down the road when you're apps have more interaction with the database throughout and you want to minimize code duplication. Also makes for more consistent behavior, making testing and tons of other things easier.

AlexCuse 2008-08-28 14:57:37

ansaurus

tags:

views:

answers:

C# - SQLClient - Simplest INSERT

related questions