(?,?...?) or (@field1,@field2...@fieldn) in parmeterized queries?

Question

Is this bad coding?

I have a query

INSERT INTO sometable (field1,field2...fieldn) VALUES (?,?,.....?)

Then

cmd.Parameters.Add("TOFnr", OdbcType.Int, 10).Value = orderId;
cmd.Parameters.Add("LineNr", OdbcType.Int, 10).Value = maxLineNr;
cmd.Parameters.Add("Date", OdbcType.VarChar, 8).Value = rowHeader["Date"];

The code works, except there was an if-conditional around an Add, causing the data after that line to get into the wrong variable.

The placeholders ("TOFnr" etc.) is only used for the programmers reference, not used by the sql or c# itself, right?

Isn't it less error-prone to used named parameters in the query?

INSERT INTO sometable (field1,field2...fieldn) VALUES (@TOFnr,@LineNr,.....@fieldn)

It is c# connecting to borland paradox over odbc.

Answer 1

Isn't it less error-prone to used named parameters in the query?

Yes, it is. Unfortunately the ADO.NET ODBC driver doesn't allow named SQL parameters to be passed along in the SQL statement, so unfortunately for you, it is not possible using the ODBC driver.

I am not an expert on Paradox, but there might be a driver specifically for Paradox which does allow named parameters. You might have more luck there.