I have asp.net site which uses ACCESS as the backend. I have set up the code to make updates in the database from straight SQL commands in the .net page. I want to update the pages in order to prevent SQL Injection. I see how to do an insert by using the following syntax: cmd.Parametaddwithvalue but do not know the syntax for an update query. Can someone help? Thanks!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Update Query Syntax for Access DB
- Thread starter sandylou
- Start date
It goes something like this assuming a table with three columns called ID, Column1 and Column2:
In the command text you place question marks where you want the parameters to go. You then supply the parameters in the order they appear in the string. Access does not support named parameters so just pass 'nothing' in for the name.
Code:
Try
connection = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\db1.mdb")
connection.Open()
Dim command As New OleDbCommand()
With command
.Connection = connection
.CommandText = "UPDATE MyTable SET Column1=?, Column2=? WHERE ID=?"
.Parameters.AddWithValue(Nothing, "col1Value")
.Parameters.AddWithValue(Nothing, "col2Value")
.Parameters.AddWithValue(Nothing, 1)
.ExecuteNonQuery()
End With
connection.Close()
Finally
If Not connection Is Nothing Then
connection.Dispose()
End If
End TryIn the command text you place question marks where you want the parameters to go. You then supply the parameters in the order they appear in the string. Access does not support named parameters so just pass 'nothing' in for the name.
- Status
