.NET Parameterized Queries

Dim QueryString As String = "SELECT * FROM Table1 WHERE Field1 LIKE @p1"
Dim Cmd As OleDbCommand = New OleDbCommand(QueryString, Connection)
Cmd.Parameters.Add("@p1", OleDbType.Char, 3).Value = "a"

strSQL = "INSERT INTO customer (CustomerID,Name,Email,CountryCode,Budget,Used) " & _
"VALUES (@sCustomerID,@sName,@sEmail,@sCountryCode,@sBudget,@sUsed)"

objCmd = New System.Data.OleDb.OleDbCommand(strSQL,objConn)

With objCmd
.Parameters.Add(New OleDbParameter("@sCustomerID","C005"))
.Parameters.Add(New OleDbParameter("@sName","Weerachai Nukitram"))
.Parameters.Add(New OleDbParameter("@sEmail","[email protected]"))
.Parameters.Add(New OleDbParameter("@sCountryCode","TH"))
.Parameters.Add(New OleDbParameter("@sBudget","2000000"))
.Parameters.Add(New OleDbParameter("@sUsed","1000000"))
End With

strSQL = "INSERT INTO customer (CustomerID,Name,Email,CountryCode,Budget,Used) " & _
"VALUES (?sCustomerID,?sName,?sEmail,?sCountryCode,?sBudget,?sUsed)"

objCmd = New MySql.Data.MySQLClient.MySQLCommand(strSQL,objConn)

With objCmd
.Parameters.Add(new MySQLParameter("?sCustomerID", "C005"))
.Parameters.Add(new MySQLParameter("?sName", "Weerachai Nukitram"))
.Parameters.Add(new MySQLParameter("?sEmail", "[email protected]"))
.Parameters.Add(new MySQLParameter("?sCountryCode", "TH"))
.Parameters.Add(new MySQLParameter("?sBudget", "2000000"))
.Parameters.Add(new MySQLParameter("?sUsed", "100000"))
End With

strSQL = "INSERT INTO customer (CustomerID,Name,Email,CountryCode,Budget,Used) " & _
"VALUES (@sCustomerID,@sName,@sEmail,@sCountryCode,@sBudget,@sUsed)"

objCmd = New System.Data.SqlClient.SqlCommand(strSQL,objConn)

With objCmd
.Parameters.Add(New SqlParameter("@sCustomerID","C005"))
.Parameters.Add(New SqlParameter("@sName","Weerachai Nukitram"))
.Parameters.Add(New SqlParameter("@sEmail","[email protected]"))
.Parameters.Add(New SqlParameter("@sCountryCode","TH"))
.Parameters.Add(New SqlParameter("@sBudget","2000000"))
.Parameters.Add(New SqlParameter("@sUsed","1000000"))
End With

strSQL = "INSERT INTO customer (CustomerID,Name,Email,CountryCode,Budget,Used) " & _
"VALUES (:sCustomerID,:sName,:sEmail,:sCountryCode,:sBudget,:sUsed)"

objCmd = New System.Data.OracleClient.OracleCommand(strSQL,objConn)
With objCmd
.Parameters.Add(new OracleParameter(":sCustomerID", "C005"))
.Parameters.Add(new OracleParameter(":sName", "Weerachai Nukitram"))
.Parameters.Add(new OracleParameter(":sEmail", "[email protected]"))
.Parameters.Add(new OracleParameter(":sCountryCode", "TH"))
.Parameters.Add(new OracleParameter(":sBudget", "2000000"))
.Parameters.Add(new OracleParameter(":sUsed", "100000"))
End With

strSQL = "INSERT INTO customer (CustomerID,Name,Email,CountryCode,Budget,Used) " & _
"VALUES (?,?,?,?,?,?)"

objCmd = New System.Data.Odbc.OdbcCommand(strSQL,objConn)
With objCmd
.Parameters.Add(New OdbcParameter("@sCustomerID","C005"))
.Parameters.Add(New OdbcParameter("@sName","Weerachai Nukitram"))
.Parameters.Add(New OdbcParameter("@sEmail","[email protected]"))
.Parameters.Add(New OdbcParameter("@sCountryCode","TH"))
.Parameters.Add(New OdbcParameter("@sBudget","2000000"))
.Parameters.Add(New OdbcParameter("@sUsed","1000000"))
End With