Home Library Learn Downloads Support Community
Sign in | United States - English | |
3 out of 7 rated this helpful - Rate this topic

SqlCommand.Parameters Property

.NET Framework 4

Namespace:  System.Data.SqlClient
Assembly:  System.Data (in System.Data.dll)
C#
C++
F#
VB
Copy 
public SqlParameterCollection Parameters { get; }

Property Value

Type: System.Data.SqlClient.SqlParameterCollection
The parameters of the Transact-SQL statement or stored procedure. The default is an empty collection.

The Microsoft .NET Framework Data Provider for SQL Server does not support the question mark (?) placeholder for passing parameters to a SQL Statement or a stored procedure called by a command of CommandType.Text. In this case, named parameters must be used. For example:

SELECT * FROM Customers WHERE CustomerID = @CustomerID

Note Note

If the parameters in the collection do not match the requirements of the query to be executed, an error may result.

For more information, see Configuring Parameters and Parameter Data Types (ADO.NET).

The following example demonstrates how to create a SqlCommand and add parameters to the SqlParameterCollection.

C#
VB
Copy 

private static void UpdateDemographics(Int32 customerID,
    string demoXml, string connectionString)
{
    // Update the demographics for a store, which is stored 
    // in an xml column. 
    string commandText = "UPDATE Sales.Store SET Demographics = @demographics "
        + "WHERE CustomerID = @ID;";

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        SqlCommand command = new SqlCommand(commandText, connection);
        command.Parameters.Add("@ID", SqlDbType.Int);
        command.Parameters["@ID"].Value = customerID;

        // Use AddWithValue to assign Demographics.
        // SQL Server will implicitly convert strings into XML.
        command.Parameters.AddWithValue("@demographics", demoXml);

        try
        {
            connection.Open();
            Int32 rowsAffected = command.ExecuteNonQuery();
            Console.WriteLine("RowsAffected: {0}", rowsAffected);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
Don't use Parameters.Add() method in most cases
Don't use the Parameters.Add() method to add your parameters to your statement/stored proc call. The better way is to use Parameters.AddWithValue("ParamName",objValue); This method will automatically choose the correct SQL type based on the type of the second argument.

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparametercollection.addwithvalue.aspx

History
A generic method for executing queries
How would you write a method that would have some parameters to allow executing queries with varying number parameters? The method might return a single DataTable or a DataSet when execution retrieves data from the DB. The method should also be used for running queries with no params.
History
The @ is not necessary in the parameter name!
The @ is not necessary in the parameter name!
History