Wednesday, April 10, 2013

How to pass parameters to SQL server Procedure in ASP.net

using this article you can call a stored procedure and pass the parameters. Using this way we are on safe side from SQL Injection attack, you can also pass the output return type parameters also. You have to use Microsoft.ApplicationBlocks.Data.dll for this method

You have to call ASP.net namespaces:-
using System.Data;
using System.Data.SqlClient;
using System.Text;
using Microsoft.ApplicationBlocks.Data;
  public static void SaveAddressDetails(string latitude, string longitude, string Address)
    {
        SqlParameter[] objParameter;
        try
        {
            objParameter = new SqlParameter[2];
            objParameter[0] = new SqlParameter("@latitude", latitude);
            objParameter[1] = new SqlParameter("@longitude", longitude);
            objParameter[2] = new SqlParameter("@Address", Address);           
           ObjParameter[3] = new SqlParameter("@ReturnMsg", SqlDbType.VarChar, 200);
            ObjParameter[3].Direction = ParameterDirection.Output;

        int   Status = Convert.ToInt32( SqlHelper.ExecuteNonQuery(Config.DbConn, CommandType.StoredProcedure,  "AreaAddress", objParameter));
         if (Status > 0)
                return true;
            else
            {
               litmessage.text= ObjParameter[12].Value.ToString();
                return false;
            }
        }
        catch (Exception ex)
        {

        }
        finally
        {
            objParameter = null;
}
        }

 
Posted by at