SqlCommand command = new SqlCommand();
command.CommandText = "SELECT * FROM Emplyoee emp WHERE emp.Name=@EmpName";
command.Parameters.Add(new SqlParameter(" @EmpName", 50));
// Execute the SQL Server command...
SqlDataReader reader = command.ExecuteReader();
DataTable tblemplyee = new DataTable();
tblemplyee.Load(reader);
foreach (DataRow rowProduct in tblemplyee.Rows)
{
// Use the data...
}
NOTE: This is a good way to block SQL injection
using Enterprise library also we can able to do database operations http://aspnettutorialonline.blogspot.com/2012/04/insert-delete-update-records-in.html
ReplyDelete