sqlcommand

I'm trying to update an MSSQL table using SqlCommand, I think it's a syntax error with my T-SQL, but here is what I have so far: SqlCommand sqlCmd = new SqlCommand("UPDATE yak_tickets SET email = @emailParam, subject = @subjectParam, text = @textParam, statusid = @statusIDParam, ticketClass = @ticketClassParam WHERE id = @ticketIDParam", sqlConn); The parameters are working as they should, however, the table never gets updated when I run the code. Any help would be appreciated =) Here is the rest of the code: #region Parameters /* Parameters */ sqlCmd.Parameters.Add("@ticketIDParam", SqlDbType

We have some lists of data being fetched in our application via a SqlCommand performing a SELECT query on a SQL Server database. We do not explicitly setup a transaction on the SqlCommand, instead just passing it a SqlConnection and running it. Is it the case that when no transaction is specified that SQL Server will initiate and use a default transaction with the default IsolationLevel of ReadCommitted ? SQL Server can work happily without an explicit transaction. But yes, I believe it is essentially read-committed (unless, of course, you add extra hints to your query objects,such as UPDLOCK

Problem: I have a form with text values, and a function that must return a string query based on the values of the text values too. Solution: I created a SQLCommand query with parameters, then I put the SQLCommand.CommandText to a string and I returned it (to the business logic that is going to handle the query) Main Question: Is it sql-injection proof? Code Example: sQuery = "select * from xy where x like '%@txtNameParameter%'"; SqlCommand cmd = new SqlCommand(sQuery); cmd.Parameters.Add("@txtNameParameter", SqlDbType.VarChar); cmd.Parameters["@txtNameParameter"].Value = txtName.Text; string

Take the following example... Using cn As New SqlConnection(ConnectionString) Try Dim cmd As SqlCommand = New SqlCommand With cmd .Connection = cn .Connection.Open() .CommandText = "dbo.GetCustomerByID" .CommandType = CommandType.StoredProcedure .Parameters.Add("@CustomerID", SqlDbType.Int, 4) .Parameters("@CustomerID").Value = CustomerID End With da = New SqlDataAdapter(cmd) da.Fill(ds, "Customer") Catch ex As Exception End Try End Using From my research today is sounds as though this is basically okay but the SqlCommand is not being disposed of. Question -> Which of the following examples is