parameterized sql query - asp.net / c#

孤独总比滥情好 2021-01-18 20:03

So I recently learned that I should absolutely be using parametrized queries to avoid security issues such as SQL injection. That's all fine and all, I got it working.

6 Answers
  •  感情败类
    2021-01-18 20:50

    Better still, use my shiny new Visual Studio extension. You declare your parameters in your SQL, intact in its own file. My extension will run your query when you save your file, and will make you a wrapper class to call at runtime, and a results class to access your results, with IntelliSense all over da place. You will see your SQL parameters as arguments to the Execute() methods of the wrapper class. You will never have to write another line of parameter code in C#, or reader code, or cmd, or even connection (unless you want to manage that yourself). Gone gone gone :-)
