when we want to pass sth to database like int we use(%d) like below

Question

0

Editorial Team

Asked: June 7, 20262026-06-07T07:28:48+00:00 2026-06-07T07:28:48+00:00

when we want to pass sth to database like int we use(%d) like below

0

when we want to pass sth to database like int we use(%d) like below

...string.format("select * from Table where code=%d",100)...

what should i use instead of %d when we want to pass dateTime ?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T07:28:50+00:00

dont use string.format() for db parameter substitution, you end up in SQL injection. SqlCommand has Parameters property , you can add the parameters into the collection

use parameterized query like this:

SqlCommand cmd = new SqlCommand()
cmd.Parameters.AddWithValue("@yourParam",value);

more efficient if you use the Using block with your code.

like this

using(SqlConnection con = new SqlConnection("ConnString"))
using(SqlCommand cmd =  new SqlCommand(con))
{
   // do some stuffs. like add parameters. 
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

when we want to pass sth to database like int we use(%d) like below

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply