This is not a valid use of
DataSet
. You can fill an instance of
DataSet
only if it is filled with meta-data reflecting the database schema you expect to use through the query. In other words, you should add some data tables, columns, etc.
Formally, you can use the command the way you, do, but in real life… there is no cases where you hard-code the data in your query like you do. And if you want to compose the query through string concatenation, this is also very bad. First, strings are immutable, so multiple use of the concatenation operation "+" is bad in terms of performance, you could use
string.Format
of
System.Text.StringBuilder
, but for queries this is not really acceptable.
If you want to compose your query string out of user-input data, it's just too dangerous. Please read about the danger of
SQL Injection and importance of
parametrized statements:
http://en.wikipedia.org/wiki/SQL_injection[
^].
So, you need to use parametrized commands. Please see:
http://msdn.microsoft.com/en-us/library/ms254953.aspx[
^].
For introductory article on ADO.NET, I recommend this one:
Using ADO.NET for beginners[
^].
—SA