Hi AllGenerally we are using the following code to update using ADODB
sql = "SELECT * FROM customers WHERE CustomerID=" + custID;
recordSet.Open(sql, connection, 1, 2);
recordSet("FirstName") = firstName;
recordSet("MiddleInitial") = middleInitial;
recordSet.Update();
recordSet.Close();
But, we are facing sql injection problem. so what we can't pass value directly to query. So I have changed to
var sqlcmd = Server.CreateObject("ADODB.Command");
sqlcmd.CommandText = sql;
sqlcmd.CommandType = 1;
sqlcmd.Parameters.Append(sqlcmd.CreateParameter("@column1",200,1 ,10,custID));
My Doubt is, How to update sqlcmd using recordset. can you please explain?