This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 76%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I am trying to connect to a SQL Server table and update or register data in a program created in C#.
In order to create a program that can take measures against SQL injection and support N prefixes, I am thinking of using the AddWithValue method, a method that belongs to the Parameters property of the SqlCommand object.
However, the AddWithVaue method is deprecated in MSDN.
What problems will occur if I use the AddWithValue method?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 62%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHY%3C/text%3E%3C/svg%3E)
Hi, @那由多. Welcome to Microsoft Q&A.
According to my investigation, it seems that Parameters.AddWithValue(String, Object) has not been deprecated.
Is the deprecation you learned about Parameters.Add(String, Object): Related Documents
Could you provide a link about Parameters.AddWithValue(String, Object) being deprecated?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 19%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
<Moderator's Note>
This was introduced by the Microsoft Community and posted to Microsoft Q&A.
MSDNがAddWithValueメソッドを非推奨にしている理由
Microsoft Q&A(en-us)
Why MSDN deprecates the AddWithValue method
Microsoft Q&A(ja-jp)
MSDNがAddWithValueメソッドを非推奨にしている理由
Hi, @那由多.
Is there any update to the question? Has your problem been solved? If so, you could share it here. If you still have problems, please describe your current problem in more detail.
AddWithValue is evil, and you should absolutely not use it. From the naïve C# programmer's perspective, it may seem slick, but it is a disaster on the database side.
Dan Guzman explains this very well in his blog post https://www.dbdelta.com/addwithvalue-is-evil/
Sorry for the delay in replying.
Thank you for your reply.
I have read the literature.
I now understand the problems that can occur when using the AddWithValue method.
I will use it as a reference to create my program.
Thank you very much.