Home/ Questions/Q 105015
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T01:22:21+00:00

I’m having trouble coming up with the proper syntax for allowing either a string

  • 0

I’m having trouble coming up with the proper syntax for allowing either a string or a NULL to be passed to the database. Here’s my code:

string insertString = String.Format(     @'INSERT INTO upload_history (field1, field2, field3)      VALUES ('{0}', '{1}', '{2}')',     varField1, varField2, varField3);

I used single quotes around the variable placeholders so that the database would properly accept a string value. However, if NULL is passed, it ends up going into the database as the string ‘NULL’.

Is there a way I can leave the single quotes out of the InsertCommand string and conditionally add single quotes to my variables?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Don’t concatenate the string (string.Format) – use parameters (@p1 etc) – then you can pass DBNull.Value to mean null to SQL Server

    SqlCommand cmd = new SqlCommand(); cmd.CommandText = @'INSERT INTO upload_history (field1, field2, field3)     VALUES (@p1, @p2, @p3)'; cmd.Parameters.AddWithValue('@p1', (object)someVar ?? DBNull.Value); //...

    This also protects you from SQL injection

    • 0