I'm using CDATA to store all multiline SQL string "as is" (thanks some stackoverflow old answer) like this:
Dim cmd As String = <![CDATA[
INSERT INTO devices
VALUES (
NULL ,
'ONE',
'TWO',
(
SELECT manufacturer_id FROM manufacturers WHERE manufacturer_name = "Bloom"
)
)
]]>.Value()
The problem is I need to brake this for using VB variables. There is another way instead of multiple CDATA's ?
<![CDATA[ ...... ]]>.Value() + myVBvar + <![CDATA[ ...... ]]>.Value()
Try using SqlParameters
Dim commandString As String = <![CDATA[
INSERT INTO blah VALUES (@One, @Two, @Three, @n)
]]>,Value()
Using command As SqlCommand = new SqlCommand(commandString, connection)
command.Parameters.AddWithValue("@One", valueOne)
command.Parameters.AddWithValue("@Two", valueTwo) ' etc...
' command.execute
End Using