[SOLVED] vb .net CDATA for storing SQL multiline string, mixing with VB variables

vb .net CDATA for storing SQL multiline string, mixing with VB variables

I'm using CDATA to store all multiline SQL string "as is" (thanks some stackoverflow old answer) like this:

Dim cmd As String = <![CDATA[
INSERT INTO devices
VALUES (
    NULL , 
    'ONE', 
    'TWO', 
    (
        SELECT manufacturer_id FROM manufacturers WHERE manufacturer_name = "Bloom"
    )
)
]]>.Value()

The problem is I need to brake this for using VB variables. There is another way instead of multiple CDATA's ?

<![CDATA[ ...... ]]>.Value() + myVBvar +  <![CDATA[ ...... ]]>.Value()

Solution

Try using SqlParameters

Dim commandString As String = <![CDATA[
  INSERT INTO blah VALUES (@One, @Two, @Three, @n)
 ]]>,Value()

Using command As SqlCommand = new SqlCommand(commandString, connection)
  command.Parameters.AddWithValue("@One", valueOne)
  command.Parameters.AddWithValue("@Two", valueTwo) '  etc...

  '  command.execute
End Using