10

I'm basically trying to figure out the simplest way to perform your basic insert operation in C#.NET using the SqlClient namespace.

I'm using SqlConnection for my db link, I've already had success executing some reads, and I want to know the simplest way to insert data. I'm finding what seem to be pretty verbose methods when I google.

3 Answers

20
using (var conn = new SqlConnection(yourConnectionString))
{
    var cmd = new SqlCommand("insert into Foo values (@bar)", conn);
    cmd.Parameters.AddWithValue("@bar", 17);
    conn.Open();
    cmd.ExecuteNonQuery();
}

3 Comments

Spot on! Using a parameter not only will protect you from SQL injection attacks (depending on .net parameter type of course), but it will also allow SQL Server to cache the compiled query, and just substitute the parameter next time this code is called.
Suggest changing to: using (var conn = new SqlConnection(yourConnectionString)) using (var cmd = new SqlCommand("insert into Foo values (@bar)", conn)) { cmd.Parameters.AddWithValue("@bar", 17); conn.Open(); cmd.ExecuteNonQuery(); }
(Moving an old answer to here as a comment) I left the using off the SqlCommand deliberately as the OP was looking for the "simplest" code to achieve the insert (although I kept it on the connection 'coz that's more important). I agree that it's good practice.
2

Since you seem to be just getting started with this, now is the best time to familiarize yourself with the concept of a Data Access Layer (obligatory Wikipedia link). It will be very helpful for you down the road when your apps have more interaction with the database throughout and you want to minimize code duplication. It also makes for more consistent behavior, making testing and tons of other things easier.


1
using (SqlConnection myConnection = new SqlConnection("Your connection string"))
{ 
    SqlCommand myCommand = new SqlCommand("INSERT INTO ... VALUES ...", myConnection); 
    myConnection.Open(); 
    myCommand.ExecuteNonQuery(); 
}

1 Comment

-1. This approach would encourage building up a SQL string by hand and not using parameterised SQL. Sorry
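Added example, not taken from any of the answers above: it puts the hand-built statement the last comment warns about next to the parameterised form from the first answer, for a string value instead of 17. It assumes Foo has a single nvarchar(50) column; the class and method names and the FOO_DB environment variable are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class InsertDemo
{
    // Hand-built SQL: the value is spliced into the statement text itself.
    static SqlCommand Concatenated(string bar)
    {
        return new SqlCommand("insert into Foo values ('" + bar + "')");
    }

    // Parameterised SQL: constant text; the value travels separately as typed data.
    // An explicit type and size (assumed column: nvarchar(50)) avoids AddWithValue's
    // type inference, which sizes string parameters from each value's length.
    static SqlCommand Parameterised(string bar)
    {
        var cmd = new SqlCommand("insert into Foo values (@bar)");
        cmd.Parameters.Add("@bar", SqlDbType.NVarChar, 50).Value = bar;
        return cmd;
    }

    // Executes the parameterised insert and returns the number of rows affected.
    static int Insert(string connectionString, string bar)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = Parameterised(bar))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        foreach (var bar in new[] { "Smith", "O'Brien" }) // constructed sample values
        {
            using (var bad = Concatenated(bar))
            using (var good = Parameterised(bar))
            {
                Console.WriteLine("hand-built:    " + bad.CommandText);
                Console.WriteLine("parameterised: " + good.CommandText + "   @bar = " + good.Parameters["@bar"].Value);
            }
        }
        // FOO_DB is a hypothetical environment variable holding a connection string.
        var cs = Environment.GetEnvironmentVariable("FOO_DB");
        if (!string.IsNullOrEmpty(cs))
            Console.WriteLine("rows inserted: " + Insert(cs, "O'Brien"));
    }
}
```

For O'Brien the hand-built text ends up with an unbalanced quote and differs for every value, while the parameterised text is identical for both inputs, which is what lets SQL Server reuse the cached plan.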
