Hi. I've been using straight queries, which had an SQL injection problem, so I shifted over to parametrized ones, which I learned about in this same forum.
Now I want to use the queries at module level, but I'm totally unfamiliar with how to use parametrized queries at module level. I'm using the following code.
This is my module code, for the insert query, and after it my form button code.
My question is: how do I shift again from this query to a parametrized one? Normally I do all my work with parametrized queries. But this is my first attempt at working at module level, so I don't know how to apply parametrized queries at module level. Please guide me.
Code:
#Region "Insertion"
    ' Module-level insert helper. The caller passes the table, the column list and
    ' the already-formatted VALUES text, so the statement is built by string
    ' concatenation (the injectable pattern the question is about).
    Public Sub Insertion(ByVal tblName As String, ByVal columns As String, ByVal Parameters As String)
        Try
            cmdsql1.CommandText = "insert into " & tblName & " ( " & columns & ") values ( " & Parameters & ")"
            cmdsql1.Connection = Conn()
            cmdsql1.ExecuteNonQuery()
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub
#End Region
Code:
Try
    ' The textbox contents are quoted by hand and spliced straight into the SQL text.
    Insertion("ProductBasicInfo", "ProdId, ProdName, Description, Manufacturer", " " & txtProdID.Text.Trim & ", '" & txtProdName.Text.Trim & "', '" & txtProdDesc.Text.Trim & "', '" & txtProdManuf.Text.Trim & "'")
    MessageBox.Show("Record Inserted Successfully")
Catch ex As Exception
    MessageBox.Show(ex.Message)
End Try
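One way to move the module-level Insertion to parameters, as an added example rather than the poster's code: values are passed as an array and bound as @p0, @p1, ... so user text can never change the SQL, while table and column names (which cannot be parameters) are checked against an identifier pattern and must still come from code, not from the form. It assumes System.Data.SqlClient and that Conn() returns a SqlConnection; cmdsql1 is replaced by a command created per call.

```vbnet
Imports System.Data.SqlClient
Imports System.Linq
Imports System.Text.RegularExpressions

Module DataAccess
    ' Assumed stand-in for the poster's Conn(); use the project's own connection factory.
    Private Function Conn() As SqlConnection
        Return New SqlConnection("Data Source=(local);Initial Catalog=Inventory;Integrated Security=True")
    End Function

    ' Identifiers cannot be parameterized, so only allow plain names supplied by code.
    Private Sub RequireIdentifier(ByVal name As String)
        If Not Regex.IsMatch(name, "^[A-Za-z_][A-Za-z0-9_]*$") Then
            Throw New ArgumentException("Invalid SQL identifier: " & name)
        End If
    End Sub

    ' Inserts one row. columns(i) is bound to values(i) through parameter @p<i>.
    Public Function Insertion(ByVal tblName As String, ByVal columns As String(), ByVal values As Object()) As Integer
        If columns.Length <> values.Length Then
            Throw New ArgumentException("Each column needs exactly one value.")
        End If
        RequireIdentifier(tblName)
        For Each col As String In columns
            RequireIdentifier(col)
        Next

        ' Placeholders "@p0, @p1, ..." stand in for the values; no quoting by hand.
        Dim placeholders As String = String.Join(", ", Enumerable.Range(0, values.Length).Select(Function(i) "@p" & i))
        Dim sql As String = "INSERT INTO " & tblName & " (" & String.Join(", ", columns) & ") VALUES (" & placeholders & ")"

        Using cn As SqlConnection = Conn()
            Using cmd As New SqlCommand(sql, cn)
                For i As Integer = 0 To values.Length - 1
                    ' Nothing becomes SQL NULL instead of an empty string.
                    cmd.Parameters.AddWithValue("@p" & i, If(values(i) Is Nothing, CObj(DBNull.Value), values(i)))
                Next
                cn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

The button then calls Insertion("ProductBasicInfo", {"ProdId", "ProdName", "Description", "Manufacturer"}, {CInt(txtProdID.Text.Trim), txtProdName.Text.Trim, txtProdDesc.Text.Trim, txtProdManuf.Text.Trim}) inside its existing Try block, and a quote typed into a textbox is stored as data rather than executed.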