Command text & Parameters - nemiro-net/nemiro.data.dll GitHub Wiki

The CommandText property of the SqlClient class specifies the query text or the name of a stored procedure.

The Parameters property lets you pass additional parameters to a query. Always pass values to a query through this property instead of building them into the query text. This helps to avoid SQL injection.

C#

using (SqlClient client = new SqlClient())
{
  // sql query or stored procedure name
  client.CommandText = "MyStoredProcedure"; 
  // parameters (if necessary)
  client.Parameters.Add("@par1", SqlDbType.Int).Value = 123;
  client.Parameters.Add("@par2", SqlDbType.NVarChar, 50).Value = "hello, world!";
  // ...
  // query execution
  // ...
}

Visual Basic .NET

Using client As New SqlClient()
  ' sql query or stored procedure name
  client.CommandText = "MyStoredProcedure"
  ' parameters (if necessary)
  client.Parameters.Add("@par1", SqlDbType.Int).Value = 123
  client.Parameters.Add("@par2", SqlDbType.NVarChar, 50).Value = "hello, world!"
  ' ...
  ' query execution
  ' ...
End Using
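
Why values belong in Parameters rather than in the command text, as an added C# example that is not part of the original wiki or the library's code. It uses ADO.NET's own SqlCommand, whose Parameters.Add call has the same shape as the one shown above, because the page does not show the library's execution methods; the users table, the column names and the sample inputs are constructed. No database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // ADO.NET provider (assumption: stands in for the library's SqlClient class)

static class ParameterDemo
{
    // Anti-pattern: the value becomes part of the SQL text itself,
    // so a quote inside the value changes the structure of the statement.
    static SqlCommand BuildConcatenated(string userName)
    {
        return new SqlCommand("SELECT id FROM users WHERE name = '" + userName + "'");
    }

    // Recommended: the SQL text is a constant and the value travels
    // separately in the Parameters collection, typed and sized.
    static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand("SELECT id FROM users WHERE name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    // Prints what would be sent: the command text and each parameter.
    static void Describe(string label, SqlCommand cmd)
    {
        Console.WriteLine(label);
        Console.WriteLine("  text: {0}", cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("  {0} ({1}, size {2}) = {3}",
                p.ParameterName, p.SqlDbType, p.Size, p.Value);
    }

    static void Main()
    {
        // Constructed sample inputs: a plain value and one that contains a quote.
        string[] inputs = { "alice", "O'Brien" };
        foreach (string input in inputs)
        {
            using (SqlCommand bad = BuildConcatenated(input))
            using (SqlCommand good = BuildParameterized(input))
            {
                Describe("concatenated", bad);   // text differs per input; the quote unbalances the literal
                Describe("parameterized", good); // text is identical for every input
            }
        }
    }
}
```

For the second input the concatenated text contains an unbalanced string literal, while the parameterized text is byte-for-byte the same as for the first input and the value appears only as parameter data.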