I am executing a stored procedure on a SQL server using a SqlCommand class

Question

0

Asked: May 26, 20262026-05-26T14:19:04+00:00 2026-05-26T14:19:04+00:00

I am executing a stored procedure on a SQL server using a SqlCommand class

0

I am executing a stored procedure on a SQL server using a SqlCommand class from C#. Currently I just build an execution string that parses in the parameter values to the stored procedure then executes the string on the server. The problem is when I have quotes the string does not get passed properly

Is it possible to use SqlParameter objects to pass in the parameters without worrying about escaping out of quotes?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T14:19:05+00:00

Editorial Team

2026-05-26T14:19:05+00:00Added an answer on May 26, 2026 at 2:19 pm

Yes, that is the preferred way of sending parameters.

Example:

using (SqlCommand cmd = new SqlCommand("SomeProcedure", connection) {
  cmd.Parameters.Add("@Id", SqlDbType.Int).Value = 42;
  cmd.Parameters.Add("@Text", SqlDbType.Varchar, 50).Value = "A string value";
  cmd.ExecuteNonQuery();
}

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am executing a stored procedure on a SQL server using a SqlCommand class

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply