How do I re-write a SQL query as a parameterized query?
You need to use parameters instead of just concatenating together your SQL:

```csharp
using (SqlConnection con = new SqlConnection("--your-connection-string--"))
using (SqlCommand cmd = new SqlCommand())
{
    cmd.Connection = con;
    string query = "SELECT distinct ha FROM app WHERE 1+1=2";
    if (comboBox1.Text != "")
    {
        // add an expression with a parameter
        query += " AND firma = @value1 ";
        …
```
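The same pattern carried through for several optional filter fields, as an added example (not the answerer's code): column names are checked against a fixed allow-list, every user-supplied value travels as a SqlParameter, and the connection string and column names are assumed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class DistinctHaQuery
{
    // Allow-listed filter columns (assumed names). User input never becomes part of the
    // column name; it is only ever a parameter value.
    static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "firma", "ort" };

    // Builds the SELECT with one "AND column = @valueN" clause per non-empty filter.
    // Because values are bound as parameters, quotes or SQL fragments in them stay data.
    public static SqlCommand Build(SqlConnection con, IDictionary<string, string> filters)
    {
        var cmd = new SqlCommand { Connection = con, CommandType = CommandType.Text };
        var sql = "SELECT DISTINCT ha FROM app WHERE 1 = 1";
        int n = 0;
        foreach (var kv in filters)
        {
            if (string.IsNullOrEmpty(kv.Value)) continue;   // empty field: no clause added
            if (!AllowedColumns.Contains(kv.Key))
                throw new ArgumentException("Unknown filter column: " + kv.Key);

            string name = "@value" + (++n);
            sql += " AND " + kv.Key + " = " + name;
            cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value = kv.Value;
        }
        cmd.CommandText = sql;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs standing in for comboBox1.Text etc.; the quote in the first
        // value is harmless because it is bound as a parameter, not spliced into the SQL.
        var filters = new Dictionary<string, string>
        {
            ["firma"] = "O'Neill & Co",
            ["ort"] = ""
        };
        // Placeholder connection string; nothing is opened here.
        using (var con = new SqlConnection("Server=.;Database=app;Integrated Security=true"))
        using (var cmd = Build(con, filters))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
            // con.Open(); using (var r = cmd.ExecuteReader()) { ... }  // against a real database
        }
    }
}
```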