Parameterized query

Hey everyone,

I am currently using Microsofts DataAccess Application
block ( SQLHelper ) and what I want to do is use a
parameterized query instead of just SQL. I can not use
stored procedures, I just want to create an sql statement
such as this:
Dim SelectStatement As String = _
"SELECT folder_id, " & _
"document, " & _
"doc_page, " & _
"user_id, " & _
"notes_date, " & _
"notes_access, " & _
"notes_title, " & _
"notes_text " & _
"FROM pwv_doc_notes_tbl " & _
"WHERE document = ? AND " & _
"folder_id = ? AND " & _
"(user_id = ? OR " & _
"notes_access <> 1 )"

And then create 3 parameters:
Dim Param1 As SQLDataParameter("Document", document)
Dim Param2 As SQLDataParameter("FolderId",folderId)
Dim Param3 As SQLDataParameter("UserId", userId)

And executeDataset:
Ds = SqlHelper.ExecuteDataset(CommandType.Text,
SelectStatement, Param1, Param2, Param3)

This doesn't work but I am new to parameterized queries so
I am curious if anyone can shed some light on what I am
doing wrong?
I appologize if this is unclear...
Thanks

JorellProbably not the right group for this question, but here is an answer...

Instead of using the question mark, use a names T-SQL parameter. For
example:

string sql = "SELECT * FROM authors WHERE fname=@.fname"
SqlParameter param = new SqlParameter( "@.fname", "Peter" );

Etc...

--
--------------------
Peter Provost
Weblog: http://www.peterprovost.org/
--------------------

"Jorell" <anonymous@.discussions.microsoft.com> wrote in message
news:00ae01c3aebd$f68e03a0$a301280a@.phx.gbl...
> Hey everyone,
> I am currently using Microsofts DataAccess Application
> block ( SQLHelper ) and what I want to do is use a
> parameterized query instead of just SQL. I can not use
> stored procedures, I just want to create an sql statement
> such as this:
> Dim SelectStatement As String = _
> "SELECT folder_id, " & _
> "document, " & _
> "doc_page, " & _
> "user_id, " & _
> "notes_date, " & _
> "notes_access, " & _
> "notes_title, " & _
> "notes_text " & _
> "FROM pwv_doc_notes_tbl " & _
> "WHERE document = ? AND " & _
> "folder_id = ? AND " & _
> "(user_id = ? OR " & _
> "notes_access <> 1 )"
> And then create 3 parameters:
> Dim Param1 As SQLDataParameter("Document", document)
> Dim Param2 As SQLDataParameter("FolderId",folderId)
> Dim Param3 As SQLDataParameter("UserId", userId)
> And executeDataset:
> Ds = SqlHelper.ExecuteDataset(CommandType.Text,
> SelectStatement, Param1, Param2, Param3)
> This doesn't work but I am new to parameterized queries so
> I am curious if anyone can shed some light on what I am
> doing wrong?
> I appologize if this is unclear...
> Thanks
> Jorell