Hi, i have code right now with string concatenation like :
sSQL = "select * from table where a=b";
if (current.Request["ct"] != null && current.Request[ct] != "")
{
sSQL += " AND ct = '" + current.Request[ct] + "' ";
}
if (current.Request["dt"] != null && current.Request[dt] != "")
sSQL += " AND dt = '" + current.Request[dt] + "' ";
and few more (if statements) like these.......
Now i want to use sqlparameters instead for efficiency.
Problem is how can i do that? Do i have to write those if's to concatenate sSQL and then assign it to command object and then write if's again for adding parameters? i am sure there is an efficient way to do this.
thanks
-Samir