You need to rewrite the following code to use a SqlParameter:

SqlConnection conn = new SqlConnection("Persist Security Info=False;"+
"Integrated Security=SSPI;database=northwind;server=dataServer");
string commandText = string.Format("SELECT * FROM Customers WHERE LastName='{0}'",
txtBoxLastName.Text);
SqlCommand cmd = new SqlCommand(commandText, conn);

Which code segment should you use?

 Posted by Rajkatie on 8/31/2012 | Category: ADO.NET Interview questions | Views: 1623 | Points: 40
Select from following answers:
  1. string commandText = "SELECT * FROM Customers WHERE LastName=@LastName"; SqlCommand cmd = new SqlCommand(commandText, conn); cmd.Parameters.Add("@LastName",txtBoxLastName.Text);
  2. string commandText = "SELECT * FROM Customers WHERE LastName=@LastName"; SqlCommand cmd = new SqlCommand(commandText, conn); cmd.Parameters.Add("@LastName");
  3. string commandText = "SELECT * FROM Customers WHERE LastName='{0}'"; SqlCommand cmd = new SqlCommand(commandText, conn); cmd.Parameters.Add("0", txtBoxLastName.Text)
  4. All Above

Show Correct Answer


Source: MeasureUp.Com | | Alert Moderator 

Comments or Responses

Login to post response