Adding Data Commands to a Form or Component
ADO.NET data commands give you the ability to execute commands directly against a database or other data source, without needing a dataset or data adapter. For more information, see Introduction to DataCommand Objects in Visual Studio.
Before executing a data command, you add an instance of a command object to your form or component and configure it. Visual Studio includes tools to help you do this at design time.
Security Note: When using data commands with a CommandType property set to Text, carefully check information that is sent from a client before passing it to your database. Malicious users might try to send (inject) modified or additional SQL statements in an effort to gain unauthorized access or damage the database. Before you transfer user input to a database, you should always verify that the information is valid; best practice is to always use parameterized queries or stored procedures when possible. For more information, see Security Considerations regarding SQL Statements.
To add a data command to a form or component
- If you do not already have a connection object available on the form or component, add one. For more information, see Creating ADO.NET Connection Objects.
- From the Data tab of the Toolbox, drag an OleDbCommand, SqlCommand, OdbcCommand, or OracleCommand object onto your form or component.
Note: Data adapters, data connections, data commands, and data readers are the components that make up a .NET Framework data provider. Microsoft and third-party providers can make available other .NET Framework data providers that can be integrated into Visual Studio. For more information, see .NET Framework Data Providers.
- Set the following properties for the data command.
  - (Name): The name by which you want to refer to the command in code.
  - Connection: A reference to a connection object that the command will use to communicate with the database. You can select an existing connection from the drop-down list.
  - CommandType: A value specified by the CommandType enumeration indicating what type of command you want to execute:
    - Text: An SQL statement.
    - StoredProcedure: A stored procedure.
    - TableDirect: A way of fetching the entire contents of a table. (TableDirect is only supported by the .NET Framework Data Provider for OLE DB.)
  - CommandText: The command to execute. The exact text you specify depends on the value of the CommandType property:
    - Text: Enter the actual SQL statement to execute.
    - StoredProcedure: Enter the name of the stored procedure.
    - TableDirect: Enter the name of the table to fetch. (TableDirect is only supported by the .NET Framework Data Provider for OLE DB.)
  - Parameters: A collection of parameter objects of type OleDbParameter, SqlParameter, OdbcParameter, or OracleParameter. You can pass data to the command by setting properties of individual parameters.
For more information on configuring parameters, see Configuring Parameters for Data Adapters. For more information about passing and receiving parameter values, see Setting and Getting Data Command Parameters.
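The same properties set in code rather than in the designer, as an added example that is not part of the original documentation: it builds one command by concatenating client input into CommandText and one that keeps CommandText fixed and passes the input through the Parameters collection, then prints both so the difference the Security Note describes is visible. The Northwind-style Customers table, its City column with a 15-character limit, and the connection string are assumptions; the connection is never opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class DataCommandExample
{
    // Weak form: CommandType.Text with client input concatenated into CommandText.
    static SqlCommand BuildConcatenated(SqlConnection conn, string city)
    {
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = conn;
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = "SELECT CustomerID, CompanyName FROM Customers WHERE City = '" + city + "'";
        return cmd;
    }

    // Corrected form: CommandText is a constant; the input travels as a typed parameter.
    static SqlCommand BuildParameterized(SqlConnection conn, string city)
    {
        // Verify the input is valid before it is handed to the command (assumed limit: 15 chars).
        if (city == null || city.Length == 0 || city.Length > 15)
            throw new ArgumentException("City must be 1 to 15 characters.", "city");

        SqlCommand cmd = new SqlCommand();
        cmd.Connection = conn;
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = "SELECT CustomerID, CompanyName FROM Customers WHERE City = @City";
        cmd.Parameters.Add("@City", SqlDbType.NVarChar, 15).Value = city;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample values (hypothetical server and database names).
        SqlConnection conn = new SqlConnection(
            "Data Source=(local);Initial Catalog=Northwind;Integrated Security=SSPI");
        string[] inputs = { "London", "x' OR '1'='1" };

        foreach (string input in inputs)
        {
            SqlCommand weak = BuildConcatenated(conn, input);
            SqlCommand safe = BuildParameterized(conn, input);
            Console.WriteLine("input:         " + input);
            Console.WriteLine("concatenated:  " + weak.CommandText);
            Console.WriteLine("parameterized: " + safe.CommandText
                + "  [@City = " + safe.Parameters["@City"].Value + "]");
        }
    }
}
```

The second input passes the length check, which is why validation alone is not enough: only the parameterized command keeps it out of the statement text.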
After you have added a data command, you need to execute it.
|If you want to return a ...|See|
|Result set|Executing a Data Command that Returns a Result Set|
|Count of affected records|Executing Updates or Database Commands Using a Data Command|
|Scalar value|Executing a Data Command that Returns a Single Value|
|Result set as XML|Obtaining Data as XML from SQL Server|
Introduction to DataCommand Objects in Visual Studio | Working with Data Commands: High-Level Process | Parameters in Data-Adapter Commands | Configuring Parameters for Data Adapters | Setting and Getting Data Command Parameters