Use parameters in your SQL command
Imports System
Imports System.Data
Imports System.Data.SqlClient
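''' <summary>
''' Console sample: inserts several rows into the Employee table with one
''' prepared SqlCommand whose values are supplied through named parameters.
''' </summary>
Public Class MainClass
    ''' <summary>
    ''' Opens the connection, prepares a parameterized INSERT, executes it once
    ''' per entry in the sample data, and reports the rows affected.
    ''' A SqlException is caught and printed; the connection is always closed.
    ''' </summary>
    Shared Sub Main()
        ' Integrated security (SSPI) authenticates with the Windows identity of
        ' the process, so no password is embedded in the connection string.
        Using thisConnection As New SqlConnection("server=(local)\SQLEXPRESS;" & _
                "integrated security=sspi;database=MyDatabase")
            ' Using blocks dispose the command and connection even when an
            ' exception other than SqlException escapes the Try below.
            Using nonqueryCommand As SqlCommand = thisConnection.CreateCommand()
                Try
                    ' Open Connection
                    thisConnection.Open()
                    Console.WriteLine("Connection Opened")

                    ' INSERT statement with named parameters. The statement text is
                    ' constant; values are bound separately as typed parameters, so
                    ' input containing quotes or SQL keywords is stored as data and
                    ' never parsed as part of the statement.
                    ' NOTE(review): VALUES without a column list depends on the
                    ' table's column order; naming the columns would be sturdier
                    ' (the Employee column names are not shown here).
                    nonqueryCommand.CommandText = _
                        "INSERT INTO Employee VALUES (@MyID, @MyFirstName, @MyLastName)"

                    ' Declare each parameter with an explicit type. The variable-length
                    ' VarChar parameters carry a size (30), which Prepare() requires.
                    ' SqlClient binds by name, so the order of these Add calls is free.
                    nonqueryCommand.Parameters.Add("@MyFirstName", SqlDbType.VarChar, 30)
                    nonqueryCommand.Parameters.Add("@MyLastName", SqlDbType.VarChar, 30)
                    nonqueryCommand.Parameters.Add("@MyID", SqlDbType.Int)

                    ' Prepare command for repeated execution
                    nonqueryCommand.Prepare()

                    ' Data to be inserted
                    Dim names() As String = {"Z", "S", "J", "D"}

                    ' Bound the loop by the array length instead of a literal so the
                    ' sample data can change without an out-of-range index.
                    For i As Integer = 0 To names.Length - 1
                        nonqueryCommand.Parameters("@MyFirstName").Value = names(i)
                        nonqueryCommand.Parameters("@MyLastName").Value = names(i)
                        nonqueryCommand.Parameters("@MyID").Value = i + 10

                        Console.WriteLine("Executing {0}", _
                            nonqueryCommand.CommandText)
                        Console.WriteLine("Number of rows affected : {0}", _
                            nonqueryCommand.ExecuteNonQuery())
                    Next i
                Catch ex As SqlException
                    ' Display error. ex.ToString() includes the stack trace and
                    ' server message: fine for a console sample, but an application
                    ' should log that detail and show end users a generic message.
                    Console.WriteLine("Error: " & ex.ToString())
                Finally
                    ' Close Connection (a no-op if Open() never succeeded)
                    thisConnection.Close()
                    Console.WriteLine("Connection Closed")
                End Try
            End Using
        End Using
    End Sub
End Class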