Some code fragments I have seen so far...
- Being sure of the type (!)
" ".ToString()
"".ToString()
- Creating SQL queries in code:
string query = "SELECT * FROM Customers WHERE customerName = '" + customerName + "'";
no parameter, no string.Format()
Better version
string query = "SELECT * FROM Customers WHERE customerName LIKE '%" + customerName + "%'";
yeah.. using LIKE.. with no reason.
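
What "no parameter" costs in practice, as an added example (not one of the fragments seen): the same lookup written with concatenation and with a parameter, run against an ordinary name that contains a quote. It assumes the Microsoft.Data.Sqlite NuGet package and an in-memory database; the class and method names and the sample rows are made up for the illustration.

```csharp
// Added example. Assumes the Microsoft.Data.Sqlite NuGet package.
using System;
using Microsoft.Data.Sqlite;

static class CustomerLookup
{
    // The pattern from the fragments above: the value becomes part of the SQL text.
    static long CountConcatenated(SqliteConnection conn, string customerName)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText =
            "SELECT COUNT(*) FROM Customers WHERE customerName = '" + customerName + "'";
        return (long)cmd.ExecuteScalar()!;
    }

    // Parameterized: the SQL text is constant and the value travels separately as data.
    static long CountParameterized(SqliteConnection conn, string customerName)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM Customers WHERE customerName = @name";
        cmd.Parameters.AddWithValue("@name", customerName);
        return (long)cmd.ExecuteScalar()!;
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();

        // Constructed sample data.
        using (var setup = conn.CreateCommand())
        {
            setup.CommandText =
                "CREATE TABLE Customers (customerName TEXT);" +
                "INSERT INTO Customers VALUES ('Smith'), ('O''Brien');";
            setup.ExecuteNonQuery();
        }

        string name = "O'Brien"; // an ordinary name that contains a quote

        Console.WriteLine("parameterized: " + CountParameterized(conn, name));
        try
        {
            Console.WriteLine("concatenated: " + CountConcatenated(conn, name));
        }
        catch (SqliteException ex)
        {
            // The quote inside the value closed the string literal early,
            // so the rest of the name was parsed as SQL.
            Console.WriteLine("concatenated failed: " + ex.Message);
        }
    }
}
```

The concatenated version lets the input decide where the string literal ends, which is the same property SQL injection relies on; the parameterized version never mixes the value into the statement text.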