I am new to prepared statements in vb.net and Microsoft SQL Server 2008. I can't really find any good sources for connecting to a database via connection string and executing prepared statements. Could someone show me an example or point me to a resource that might be useful?
Prepared statements are nothing but Parametrized SqlCommands enclosed in a Transaction.
For example, this is a Prepared Statement:
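    ' At the top of the file:
    Imports System.Configuration
    Imports System.Data.SqlClient

    Using c As New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
        c.Open()
        Using mytransaction = c.BeginTransaction()
            ' The command must be enlisted in the pending transaction,
            ' otherwise ExecuteNonQuery throws InvalidOperationException
            Dim command = New SqlCommand("INSERT INTO yourtable(image) values (@image)", c, mytransaction)
            ' this is specific to the FileUploadControl but the idea is to get the
            ' image in a byte array; however you do it, it doesn't matter
            ' (VB array bounds are inclusive, hence ContentLength - 1)
            Dim buffer(FileUpload1.PostedFile.ContentLength - 1) As Byte
            FileUpload1.PostedFile.InputStream.Read(buffer, 0, buffer.Length)
            ' The value is sent as a typed parameter, not spliced into the SQL text
            command.Parameters.AddWithValue("@image", buffer)
            command.ExecuteNonQuery()
            mytransaction.Commit()
        End Using
    End Using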
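An added example, not part of the original answer: a parameterized SqlCommand with explicitly typed parameters that is prepared once with SqlCommand.Prepare() and then executed for several rows inside one transaction. The connection string, the dbo.Users table and its columns are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module PreparedInsertExample
    ' Assumed connection string; replace server and database with your own.
    Private Const ConnStr As String = "Server=localhost;Database=ExampleDb;Integrated Security=True"

    ' Inserts every (name, age) pair with one prepared, parameterized command.
    ' dbo.Users(Name NVARCHAR(50), Age INT) is a hypothetical table.
    Function InsertUsers(users As IEnumerable(Of KeyValuePair(Of String, Integer))) As Integer
        Dim inserted As Integer = 0
        Using conn As New SqlConnection(ConnStr)
            conn.Open()
            Using tx As SqlTransaction = conn.BeginTransaction()
                Using cmd As New SqlCommand(
                        "INSERT INTO dbo.Users (Name, Age) VALUES (@name, @age)", conn, tx)
                    ' Prepare() needs an explicit type for every parameter and
                    ' an explicit size for variable-length types.
                    cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50)
                    cmd.Parameters.Add("@age", SqlDbType.Int)
                    cmd.Prepare()

                    For Each u As KeyValuePair(Of String, Integer) In users
                        ' Values travel as typed data, never as SQL text, so a
                        ' name containing a quote is stored literally.
                        cmd.Parameters("@name").Value = u.Key
                        cmd.Parameters("@age").Value = u.Value
                        inserted += cmd.ExecuteNonQuery()
                    Next
                End Using
                ' Commit only after every row succeeded; if an exception is
                ' thrown, disposing the uncommitted transaction rolls it back.
                tx.Commit()
            End Using
        End Using
        Return inserted
    End Function

    Sub Main()
        ' Constructed sample rows; the second name contains a single quote.
        Dim rows As New List(Of KeyValuePair(Of String, Integer)) From {
            New KeyValuePair(Of String, Integer)("Alice", 31),
            New KeyValuePair(Of String, Integer)("O'Brien", 45)
        }
        Console.WriteLine("{0} rows inserted", InsertUsers(rows))
    End Sub
End Module
```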