I am currently using v1.2.9.0 in a dll to write to a SQL database from a
config file on the 2.0 .NET Framework.
I have successfully set up my config file to write directly to SQL with
System.Data.SqlClient.SqlConnection. I need to be able to support multiple
database types, so I am using and ODBC connection to my database. I am
having problems configuring the commandText node to match the parameters
properly. I have seen posts using conversionPattern for use with Firebird
but everyone states that it leaves you open for SQL injection, which is not
something I want to do.
When building a database command in .NET using the OdbcConnection class, you
must use a question mark (?) in place of a parameter when building your
queries that way.
Ex: CommandText = "UPDATE Friends SET FirstName=? WHERE FriendId=?"
Parameters.Add(New OdbcParameter("", OdbcType.Int, 4, " FriendId"))
Parameters.Add(New OdbcParameter("", OdbcType.VarChar,50,"FirstName"))
I have tried this approach with the config file without any luck so I am not
sure if it is possible or if I'm just missing something.
Below is an example I use (successfully) to connect directly to SQL:
<connectionType value="System.Data.SqlClient.SqlConnection,
System.Data, Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<connectionString value="" />
<commandText value="INSERT INTO MyLog
([Date],[Thread],[Level],[Logger],[Message]) VALUES (@log_date, @thread,
@log_level, @logger, @message)" />
<parameter>
<parameterName value="@log_date" />
<dbType value="DateTime" />
<layout type="log4net.Layout.RawTimeStampLayout"/>
</parameter>
<parameter>
<parameterName value="@thread" />
<dbType value="String" />
<size value="255" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%thread" />
</layout>
</parameter>
...
Does anyone have any examples for me to try for the OdbcConnection class?
Thanks in advance!
