Hi All Generally we are using the following code to update using ADODB sql = "SELECT * FROM customers WHERE CustomerID=" + custID; recordSet.Open(sql, connection, 1, 2); recordSet("FirstName") = firstName; recordSet("MiddleInitial") = middleInitial; recordSet.Update(); recordSet.Close(); But, we are facing sql injection problem. so what we can't pass value directly to query. So I have changed to var sqlcmd = Server.CreateObject("ADODB.Command"); sqlcmd.CommandText = sql; sqlcmd.CommandType = 1; sqlcmd.Parameters.Append(sqlcmd.CreateParameter("@column1",200,1 ,10,custID)); My Doubt is, How to update sqlcmd using recordset. can you please explain?
.Net Developer CompIndia Infotech P Ltd Tiruapti. http://www.compindia.com
|