Thread: Response.write Paramatised Sql

hi, i think you can't write on the screen "strUpdate" string with parameter because they fill internally so when erver you print "strUpdate" thye only print you orignaly string.

Hi vipuldonga, thanks for replying, i agree with what you are saying, but at some point the paramatised query has to be passed over to sql as an sql string containing bill and 1, i somehow need to capture it and this point?

Dim strUpdate As String Dim cmdUpdate As SqlCommand strUpdate = "UPDATE test_tbl SET Name = "&Name&" WHERE eUID = "&eUID&" cmdUpdate = New SqlCommand(strUpdate, sqlConn) you do not need these two lines cmdUpdate.Parameters.AddWithValue("@Name", “bill”) cmdUpdate.Parameters.AddWithValue("@eUID", “1”)...

Hi sanjeev, I could but this would leave it more open to sql injection if i used non paramatised.

Hi cookie_powered, As I know, you may not get the final query from a sqlcommand object. You can also debug the application and check the sqlcommand object. To get the expected result, I guess you may have to do it manually which I mean you can do it like this: 1) Display the default sql query. 2) Loop through the parameter collection and display the parameter values....