Comments on: C# ASP.NET Sql Command Insert Statement Source Code Example

By: sandeep

sandeep — Mon, 07 Nov 2011 07:58:54 +0000

Actually i m fresher in this line. and i wnat to know how to connection database with asp.net web application.. and how it work..!!!! still tyring to learn.
i saw many tutorials & videos of data insertions through asp.net to sql database.. but i m confused..
coz. when i try to do this i have manly open a new problems….
so.. plz anyone give me some correction suggestions like how to start it, etc.
email is nagwanshi04@gmail.com

By: Ravi

Ravi — Mon, 05 Sep 2011 05:52:23 +0000

This is only correct reference how to connect database in all over internet!!

THANKS!!!

By: asp.net videos

asp.net videos — Fri, 13 Aug 2010 15:24:49 +0000

Desai,

Good question.

I have always heard parameterized queries are the safest way to avoid sql injection. In the example syntax you gave, I am wondering what would happen if a hacker entered the following into FirstName.Text: myname' or 1 = 1; Drop tables —

I am thinking that the hackers single quote would cause the firstname.text field to end and allow the rest to execute as sql – causing a real problem.

Thanks!

By: Desai Hakoo S

Desai Hakoo S — Fri, 13 Aug 2010 11:57:03 +0000

Dont you think this is lenghty method??
U can just make it sort like this :

Sqlcommamd sqlcmd = ("INSERT INTO Employees (FirstName, LastName) VALUES (' "FirstName.text" ', ' "LastName.text" ')";
sqlcmd.ExecuteNonQuery();

I tried n got success. If any prons or cons of this method, then definatly inform me.

By: Jon

Jon — Tue, 09 Feb 2010 20:39:59 +0000

Muy buena… gracias me sirvio bastante opara realizar un proyecto de la u q no tenia idea ….
Gracias…….