Question The best way to INSERT to Access ?

TheCoderMoe

New member
Joined
Feb 5, 2014
Messages
3
Programming Experience
Beginner
hey all
am a little bit new to C# and i was wondering what is the best way to use the SQL statement to insert data from Form application in to MS Access i found couple of codes on the internet but i really want the best effective and secure way to do this
please help
 
Last edited:

TheCoderMoe

New member
Joined
Feb 5, 2014
Messages
3
Programming Experience
Beginner
"Best" is always a relative term and what exactly is your security concern?
well i guess most of my security issue would be an SQL injection attacks i guess
since that i will be connecting to the data base using only the C# Code
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
3,150
Location
Sydney, Australia
Programming Experience
10+
If you parameterise your SQL statements then you're safe from SQL injection. If you're not sure what that means or how to do it, follow the Blog link in my signature below and check out my post on Parameters In ADO.NET.

As for what's best, you can use raw ADO.NET (write all the SQL code and the objects to execute it yourself) or you can use a typed DataSet or you can use the Entity Framework all without going beyond the standard functionality of VS. If you want to bring in third-party tools then there are still more options. Which one is best? That depends on your criteria.

It sounds like you want to write all the code yourself, which is not a bad idea when starting out. It's more work but it helps to develop your understanding of the implementation details so that you are better able to design systems and diagnose issues when using the other technologies later on. For code examples of what I would consider to be the best way to implement the most common ADO.NET scenarios, check out this thread:

Retrieving and Saving Data in Databases
 

TheCoderMoe

New member
Joined
Feb 5, 2014
Messages
3
Programming Experience
Beginner
Done

If you parameterise your SQL statements then you're safe from SQL injection. If you're not sure what that means or how to do it, follow the Blog link in my signature below and check out my post on Parameters In ADO.NET.

As for what's best, you can use raw ADO.NET (write all the SQL code and the objects to execute it yourself) or you can use a typed DataSet or you can use the Entity Framework all without going beyond the standard functionality of VS. If you want to bring in third-party tools then there are still more options. Which one is best? That depends on your criteria.

It sounds like you want to write all the code yourself, which is not a bad idea when starting out. It's more work but it helps to develop your understanding of the implementation details so that you are better able to design systems and diagnose issues when using the other technologies later on. For code examples of what I would consider to be the best way to implement the most common ADO.NET scenarios, check out this thread:

Retrieving and Saving Data in Databases
thank you so much for the help it did really help a lot
 
Top Bottom