Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What does "WHERE x = ?" mean in SQL

Tags:

c#

sql

This code is written in C# and it is calling database to get the data from it. But I don't understand what does "WHERE b.CompRec = ?" mean

    public string GetFileNameAndTitle(int compRec)
    {
        string fileNameAndTitle = "";
        string sql = "SELECT a.FileName, a.Title FROM (Files a INNER JOIN Components b ON a.RecNo=b.FileRec) WHERE b.CompRec = ?";
        using (OleDbCommand cmd = new OleDbCommand(sql, cn))
        {               
            cmd.Parameters.AddWithValue("@CompRec", compRec);
            OpenConnection();    }
like image 607
S5498658 Avatar asked Nov 22 '25 11:11

S5498658

1 Answers

It is a parameterized statement.

cmd.Parameters.AddWithValue("@CompRec", compRec);

That line sets the actual value when the query is executed at the server. This prevents SQL Injection and is the 100% right approach!

like image 175
Mike Perrenoud Avatar answered Nov 25 '25 02:11

Mike Perrenoud
Sign in to Comment

Related questions

How to reliably determine that an entity is transient?
Removing pushpin from Bing map
How to own console for time of program execution?
Workaround for ParseControl not supporting inline code blocks?
Right listbox event to handle changes in listbox? (C#)
How to pass in a generic list to a method in c#
How to filter a query based on row number using LINQ with Entity Framework
Why does 'return x switch' generates 'if (1 == 0)' in ILSpy?
How to intersect mutliple list with Lambda Expression?
json.net IEnumerable
Enum Flags Negative Value
Zhang-Suen thinning algorithm C#
Is a C# generic dictionary of structs thread safe if it doesn't resize?
Nullable generic field in generic class
httpclient async/await or not
How can I convert a var type to int?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!