Guys, gusto ko lang itanong kung ito yung tamang pag-parameterize ng SQL query, o pwede pa itong i-enhance. Thanks guys.
Here is the code:
Code:
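/// <summary>
/// Inserts one row into the Profiles table from the form fields and reports the
/// outcome in a message box.
/// </summary>
/// <remarks>
/// The INSERT is fully parameterized: no form text is concatenated into the SQL
/// string, so user input can only ever be a value, never part of the statement.
/// The connection string is read from appSettings["connString"]; the
/// <see cref="SqlConnection"/> and <see cref="SqlCommand"/> are wrapped in
/// <c>using</c> so the pooled connection is released even when
/// ExecuteNonQuery throws (the original never disposed either object).
/// Any exception is reported to the user via its message, as before.
/// </remarks>
private void SaveRecord()
{
    // Validate the one converted field before opening a connection. The original
    // Convert.ToInt32 threw on non-numeric text and surfaced as a generic error.
    // NOTE: Int32 cannot hold values above 2147483647 (ten digits) and drops
    // leading zeros, so longer contact numbers fail here; storing the contact
    // number as text instead of an integer column would avoid both problems.
    int contactNo;
    if (!int.TryParse(txtContactNum.Text, out contactNo))
    {
        MessageBox.Show("Contact number must be numeric");
        return;
    }

    string connString = ConfigurationManager.AppSettings["connString"];

    // Full name is assembled on the server from three parameters; the text of
    // the statement itself is constant.
    const string sql =
        "INSERT INTO Profiles (name, age, gender, address, [contact no.]) "
        + "VALUES (@fname + ' ' + @mName + ' ' + @sName, @age, @gender, @address, @contactNo)";

    try
    {
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // AddWithValue infers the SqlDbType from the .NET value. For
            // production code prefer Parameters.Add(name, SqlDbType, size) with
            // the column's real type and length, so the server does not need
            // implicit conversions and the plan cache is not fragmented by
            // varying inferred string lengths.
            cmd.Parameters.AddWithValue("@fname", txtfName.Text);
            cmd.Parameters.AddWithValue("@mName", txtMName.Text);
            cmd.Parameters.AddWithValue("@sName", txtSName.Text);
            cmd.Parameters.AddWithValue("@age", cmbAge.Text);
            cmd.Parameters.AddWithValue("@gender", cmbGender.Text);
            cmd.Parameters.AddWithValue("@address", txtAddress.Text);
            cmd.Parameters.AddWithValue("@contactNo", contactNo);

            conn.Open();
            int rows = cmd.ExecuteNonQuery();
            MessageBox.Show(rows > 0 ? "New Profile Saved" : "Profile not saved");
        }
    }
    catch (Exception ex)
    {
        // Kept from the original. Be aware that a SqlException message can name
        // tables and columns; a production UI would log the detail and show the
        // user a generic failure message instead.
        MessageBox.Show(ex.Message);
    }
}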