Create Mssql database from c# - using Parameters

Posted by Alon M on Stack Overflow See other posts from Stack Overflow or by Alon M
Published on 2012-10-01T09:35:28Z Indexed on 2012/10/01 9:37 UTC
Read the original article Hit count: 220

Filed under:
|
|
|

i am trying to put up a code to create a databases from my c# code (asp.net website).

this is my code -

SqlCommand myCommand = new SqlCommand("CREATE DATABASE @dbname", nn);
                myCommand.Parameters.Add("dbname", dbname);

                myCommand.ExecuteNonQuery();
                nn.Close();

well, its not working. its giveing me an error - this one : incoreect syntex near '@dbname'.

BUT. if i wont use parameters, peolpe can sql inj to my database. do you have any idea how can use anything, to get the database name from a textbox. and that peolpe cant sql inj me db?

© Stack Overflow or respective owner

Related posts about c#

Related posts about ASP.NET