Thursday, October 4, 2012

Parameterized SQL Query in ASP.NET

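' Populate the sector drop-down for one user with a parameterized query.
' The user code is bound as a typed SqlParameter and is never concatenated into
' the SQL text, so the value cannot change the structure of the statement.
' _con (the connection) and ddl (the list control) are declared elsewhere on the page.
Dim ds As DataSet = New DataSet()
' VarChar with Size 4: ADO.NET transmits at most 4 characters of the value, so
' check the length of real input before binding rather than relying on truncation.
Dim param As SqlParameter = New SqlParameter("@user_code", SqlDbType.VarChar, 4)
' Sample value. NOTE(review): presumably the current user's code in real use - confirm.
param.Value = "0016"
' The only variable part of the statement is the @user_code placeholder; 'z' is a fixed literal.
Const sqlstr As String = "select sectors.sector_code,sector_name   from user_sectors inner join sectors on user_sectors.sector_code = sectors.sector_code  where user_code = @user_code  and sectors.sector_code not in ('z')"
' SqlDataAdapter is IDisposable; the Using block releases it as soon as the fill is done.
Using da As SqlDataAdapter = New SqlDataAdapter(sqlstr, _con)
    da.SelectCommand.Parameters.Add(param)
    ' Fill opens _con if it is closed and closes it again afterwards.
    da.Fill(ds)
End Using
' Bind the disconnected result: sector_code is the item value, sector_name the display text.
ddl.DataValueField = "sector_code"
ddl.DataTextField = "sector_name"
ddl.DataSource = ds.Tables(0)
ddl.DataBind()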


 
