Using connection As New OleDbConnection(connectionString) Using command As New OleDbCommand(query, connection) ' Use parameters to prevent SQL Injection command.Parameters.AddWithValue("@FirstName", txtFirstName.Text) command.Parameters.AddWithValue("@LastName", txtLastName.Text) command.Parameters.AddWithValue("@Department", txtDepartment.Text) command.Parameters.AddWithValue("@Salary", CDec(txtSalary.Text))
Never concatenate strings (e.g., "WHERE ID = " & txtID.Text ) into your SQL queries. Always use ? placeholders or named parameters to protect your database from SQL injection attacks.
Using connection As New OleDbConnection(connectionString) Using command As New OleDbCommand(query, connection) ' Use parameters to prevent SQL Injection command.Parameters.AddWithValue("@FirstName", txtFirstName.Text) command.Parameters.AddWithValue("@LastName", txtLastName.Text) command.Parameters.AddWithValue("@Department", txtDepartment.Text) command.Parameters.AddWithValue("@Salary", CDec(txtSalary.Text))
Never concatenate strings (e.g., "WHERE ID = " & txtID.Text ) into your SQL queries. Always use ? placeholders or named parameters to protect your database from SQL injection attacks. vb.net access database example