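It's strongly recommended to use the SqlParameterCollection.Add method to supply values when you create a new SqlCommand, so that the values are sent as parameters and are never parsed as part of the SQL text. Optionally, you can use the SqlParameterCollection.AddWithValue method.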
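// Parameterized INSERT: the SQL text contains only placeholders (@acnum, @scripname,
// @sbought). The values are bound separately below, so they are never parsed as SQL.
string commandText = "INSERT INTO sales(acnum, scripname, shares_bought) VALUES (@acnum, @scripname, @sbought)";

// Both the connection and the command are IDisposable; stacking the using statements
// releases them even when Open() or ExecuteNonQuery() throws.
using (SqlConnection connection = new SqlConnection(connectionString))
using (SqlCommand command = new SqlCommand(commandText, connection))
{
    // AddWithValue infers the SQL type from the .NET value (int, string).
    // When the column types are known, Parameters.Add with an explicit SqlDbType
    // (and a size for strings) avoids implicit conversions on the server.
    command.Parameters.AddWithValue("@acnum", 12);
    command.Parameters.AddWithValue("@scripname", "abcd");
    command.Parameters.AddWithValue("@sbought", 20);

    try
    {
        connection.Open();

        // ExecuteNonQuery returns the number of rows affected by the INSERT.
        int rowsAffected = command.ExecuteNonQuery();
        Console.WriteLine("RowsAffected: {0}", rowsAffected);
    }
    catch (Exception ex)
    {
        // Best-effort sample handling: the failure is reported, not rethrown.
        // In an application, log the exception and show end users a generic
        // message, since database error text can reveal schema details.
        Console.WriteLine(ex.Message);
    }
}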