Something I Didn't Know About Parameterized Queries

posted on 2004-10-09 at 23:46:42 by Joel Ross

We had the client's team lead in from California this past week, which is why my posting was supposed to be light last week (which it didn't turn out to be, did it?), and I learned something from him.

Well, a lot of things. He thinks he's the only one who learns anything when we get together for a week (this is our fourth week of side-by-side coding). That's definitely not the case, but I'm not here to talk about everything I learned.

I wanted to highlight just one thing. If you have a SqlParameter, the .ToString() method returns the ParameterName. That's it. Nothing earth-shattering, but it was interesting to see the queries he was building. Here's an example:

SqlParameter[] arParms = new SqlParameter[2];

arParms[0] = new SqlParameter("@customerId", customerId);
arParms[1] = new SqlParameter("@status", status);

// Concatenating a SqlParameter calls ToString(), which inserts its ParameterName, not its value.
string sql = "update Customers set Status = " + arParms[1] + " where CustomerId = " + arParms[0];

When you look at the value of sql after that line executes, you get:

update Customers set Status = @status where CustomerId = @customerId

Again, nothing earth shattering, but it does make parameter names easier to change! Gotta love customers!
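An added example, not code from the original post: it builds the same command without a connection and checks that only the parameter names reach the SQL text, while the values stay in the Parameters collection. It assumes the System.Data.SqlClient package is referenced; ParameterNameDemo, BuildUpdate and the sample values are constructed for illustration.

```csharp
using System;
using System.Data.SqlClient;

static class ParameterNameDemo
{
    // Builds the UPDATE from the post; only parameter *names* are concatenated.
    static SqlCommand BuildUpdate(int customerId, string status)
    {
        SqlParameter[] arParms =
        {
            new SqlParameter("@customerId", customerId),
            new SqlParameter("@status", status)
        };

        // string + SqlParameter calls ToString(), which yields ParameterName.
        string sql = "update Customers set Status = " + arParms[1] +
                     " where CustomerId = " + arParms[0];

        var cmd = new SqlCommand(sql);   // no connection: inspected, never executed
        cmd.Parameters.AddRange(arParms);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input containing SQL metacharacters.
        string status = "Active' or '1'='1";

        using (SqlCommand cmd = BuildUpdate(42, status))
        {
            Console.WriteLine("CommandText: " + cmd.CommandText);
            Console.WriteLine("Value in SQL text? " + cmd.CommandText.Contains(status));

            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " -> " + p.Value);

            // The look-alike mistake: concatenating .Value instead of the
            // parameter itself puts the input into the SQL text.
            string unsafeSql = "update Customers set Status = '" +
                               cmd.Parameters["@status"].Value +
                               "' where CustomerId = @customerId";
            Console.WriteLine("Value in SQL text? " + unsafeSql.Contains(status));
        }
    }
}
```

The pattern stays safe only while the concatenated object is the SqlParameter itself; in code review, treat `.Value` or the raw variable appearing in the concatenation as a red flag.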
