I expect that the SqlCommand class is the most referenced of all of the ADO.NET classesit's the only way you can execute a query with ADO.NET. Clearly, the SqlCommand class is your only query portal to SQL Serverit's used to format the queries you executethe questions you want to ask of SQL Server. It's also used by the Visual Studio tools to generate DataAdapter and TableAdapter objects, as well as in code you pound out on the keyboard. SqlCommand objects are also generated by the SqlCommandBuilder class both by the Visual Studio tools and (in some cases) by your code to generate the action queries needed to update your database. As you saw, the Parameters collection plays a big role in how you insert user input into these queries to focus the SELECT statements and populate the columns inserted into the database. The SqlCommand is also a gateway for hackers. Because of this, you need to ensure that all values captured from external sources are considered to be untrusted until validated. In later chapters, you'll see how to execute the SqlCommand object to return rowsets and make changes to the database. |