Adds a named parameter to the command.
Named parameters can be used instead of any SQL expression.
Named parameters have several advantages over regular queries:
· Easy to use.
· No need to escape special characters.
· Protect against SQL injections.
· Significantly faster when the same query (with possibly different values) is used several times.
Syntax: AddParameter (Name As String)
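Example: (cmd is a Command object and con is a Connection object)
' Declare the parameters once, then reference them as @name in the SQL text.
cmd.AddParameter("value1")
cmd.AddParameter("value2")
cmd.CommandText = "INSERT INTO [table1] (col1,col2) VALUES (@value1,@value2)"
con.BeginTransaction
' value2 stays the same for every row.
cmd.SetParameter("value2","SomeValue")
For i = 0 To 10
	' Only value1 changes between executions of the same command.
	cmd.SetParameter("value1",i * 2)
	cmd.ExecuteNonQuery
Next
con.EndTransaction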
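
The escaping and injection points in the list above, shown as an added example that is not part of the original documentation or the library's own code. It uses Python's sqlite3 module (an assumption, chosen because SQLite accepts the same @name parameter syntax); the helper names and sample values are constructed for illustration.

```python
import sqlite3

# Same statement shape as the page's example; the text never changes.
SQL = "INSERT INTO table1 (col1,col2) VALUES (@value1,@value2)"

def new_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE table1 (col1, col2)")
    return con

def insert_concatenated(con, value1, value2):
    # Weak form: the values become part of the SQL text itself.
    con.execute("INSERT INTO table1 (col1,col2) VALUES ('%s','%s')"
                % (value1, value2))

def insert_named(con, value1, value2):
    # Bound form: values are passed separately and are never parsed as SQL.
    con.execute(SQL, {"value1": value1, "value2": value2})

def rows(con):
    return con.execute(
        "SELECT col1, col2 FROM table1 ORDER BY rowid").fetchall()

def demo():
    results = {}
    quote = "O'Brien"            # constructed: a legitimate value with a quote
    crafted = "a','forged') --"  # constructed: a value that contains SQL syntax

    con = new_db()
    try:
        insert_concatenated(con, quote, "SomeValue")
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        # The unescaped quote ends the string literal early.
        results["concat_quote"] = "syntax error"
    # The crafted value rewrites the statement: col2 is no longer "SomeValue".
    insert_concatenated(con, crafted, "SomeValue")
    results["concat_rows"] = rows(con)

    con = new_db()
    with con:  # one transaction, one statement text, different values
        for value in (quote, crafted):
            insert_named(con, value, "SomeValue")
    results["named_rows"] = rows(con)
    return results

if __name__ == "__main__":
    print(demo())
```

With named parameters both values are stored exactly as given and col2 keeps the value set by the program.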