How would I make this parametrized?!
string query = "";
query += " SELECT DistID FROM Distributor";
query += " WHERE Username = '" + username_id.Text + "'";
query += " AND Password = '" + password.Text + "'";
GeneralFunctions.GetData( query );
Can it be done here or would it have to be done inside the GetData method?
Here are the two methods:
public static DataTable GetData ( string query )
{
    SqlDataAdapter dataAdapter;
    DataTable table;
    try
    {
        dataAdapter = new SqlDataAdapter( query, GetConnectionString() );
        table = new DataTable();
        dataAdapter.Fill( table );
        return table;
    }
    catch ( Exception ex )
    {
    }
    finally
    {
        dataAdapter = null;
        table = null;
    }
    return table;
}

public static string GetConnectionString ()
{
    string connectionString = ConfigurationManager.ConnectionStrings[ "CAPortalConnectionString" ].ConnectionString;
    return connectionString;
}
I’d recommend designing specific methods to query your database, like this:
and then:
No need of DataTables/Sets/Adapters. Work with strongly typed objects.
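An added example, not the answerer's original code: a specific query method for the question's Distributor lookup that binds the two text-box values as parameters, plus a `GetData` overload that accepts parameters for callers that still need a `DataTable`. The class name, the method name `FindDistributorId`, the `int` type of `DistID` and the `NVarChar(50)` parameter types are assumptions; the table, column and connection-string names come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class DistributorQueries
{
    // Returns the matching DistID, or null when no row matches.
    public static int? FindDistributorId(string username, string password)
    {
        const string sql =
            "SELECT DistID FROM Distributor " +
            "WHERE Username = @username AND Password = @password";

        using (var connection = new SqlConnection(GetConnectionString()))
        using (var command = new SqlCommand(sql, connection))
        {
            // Values are sent separately from the SQL text, so a quote in the
            // input cannot change the statement. Types and sizes are assumed;
            // match them to the real column definitions.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            command.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;

            connection.Open();
            object result = command.ExecuteScalar();
            return (result == null || result == DBNull.Value)
                ? (int?)null
                : Convert.ToInt32(result);
        }
    }

    // Parameterized variant of the question's GetData: the query text contains
    // only @placeholders and the values arrive as SqlParameter objects.
    public static DataTable GetData(string query, params SqlParameter[] parameters)
    {
        using (var adapter = new SqlDataAdapter(query, GetConnectionString()))
        {
            adapter.SelectCommand.Parameters.AddRange(parameters);
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    public static string GetConnectionString()
    {
        return ConfigurationManager.ConnectionStrings["CAPortalConnectionString"].ConnectionString;
    }
}
```

At the call site from the question this becomes `int? distId = DistributorQueries.FindDistributorId(username_id.Text, password.Text);`, with no SQL string built from the text boxes.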