This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 76%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
I am trying to connect to a SQL Server table and update or register data in a program created in C#.
In order to create a program that can take measures against SQL injection and support N prefixes, I am thinking of using the AddWithValue method, a method that belongs to the Parameters property of the SqlCommand object.
However, the AddWithVaue method is deprecated in MSDN.
What problems will occur if I use the AddWithValue method?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi, @那由多. Welcome to Microsoft Q&A.
According to my investigation, it seems that Parameters.AddWithValue(String, Object) has not been deprecated.
Is the deprecation you learned about Parameters.Add(String, Object): Related Documents
Could you provide a link about Parameters.AddWithValue(String, Object) being deprecated?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 19%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
<Moderator's Note>
This was introduced by the Microsoft Community and posted to Microsoft Q&A.
MSDNがAddWithValueメソッドを非推奨にしている理由
Microsoft Q&A(en-us)
Why MSDN deprecates the AddWithValue method
Microsoft Q&A(ja-jp)
MSDNがAddWithValueメソッドを非推奨にしている理由
Hi, @那由多.
Is there any update to the question? Has your problem been solved? If so, you could share it here. If you still have problems, please describe your current problem in more detail.
AddWithValue is evil, and you should absolutely not use it. From the naïve C# programmer's perspective, it may seem slick, but it is a disaster on the database side.
Dan Guzman explains this very well in his blog post https://www.dbdelta.com/addwithvalue-is-evil/
Sorry for the delay in replying.
Thank you for your reply.
I have read the literature.
I now understand the problems that can occur when using the AddWithValue method.
I will use it as a reference to create my program.
Thank you very much.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 82%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
AddWithValue is absolutely not "evil" (what a silly adjective for a programming concept!). Rather, it is easy to fall into traps when your data expands beyond simple, short input. Dealing with long strings? Unicode? Dates? You might end up with data different than what you expect in your SQL database if you use AddWithValue.
However, you can use AddWithValue just fine, without issue, in new code today. I use Add in new code wherever I need to declare Parameters for a SQL query in .NET, but I do maintain one ASP.NET website that has used AddWithValue for writing ~100,000 records over ~10 years for a medium-sized organization. Guess how many problems have arisen from that? Zero. Guess how many times people considered that website or process "evil"? Also zero.
A better (read: less childish) take on the problems with AddWithValue might be, for example: https://web.archive.org/web/20170518012142/http://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/