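/// <summary>
/// Executes a parameterized SELECT through the provider-agnostic
/// <c>System.Data.Common</c> types and disposes the connection, command
/// and reader when done.
/// </summary>
/// <remarks>
/// The filter value is bound as a <see cref="DbParameter"/> rather than being
/// concatenated into the command text, so the value is sent to the provider
/// separately from the SQL statement.
/// </remarks>
private void ExecuteQuery()
{
    // Command text to be parameterized: @col1 is a placeholder, not a literal.
    // NOTE(review): the statement has no FROM clause as written; the target
    // table is not shown here, so the text is left untouched. Confirm it.
    string cmdText = "SELECT col1, col2, col3 WHERE col1 = @col1";

    // Both resources are disposed in reverse order on exit, including when an
    // exception is thrown. Disposing the connection also closes it, so no
    // explicit Close() call is needed.
    using (DbConnection conn = CreateConnection())
    using (DbCommand cmd = CreateCommand(cmdText, conn))
    {
        // col1 is not declared in this method; presumably a member of the
        // enclosing class (verify).
        col1 = "whatever";

        // DbParameterCollection.Add accepts a single parameter object; there
        // is no (name, value) overload on the abstract base type. Build the
        // parameter through the command so the provider supplies its own type.
        DbParameter filter = cmd.CreateParameter();
        filter.ParameterName = "@col1";
        filter.Value = col1;
        cmd.Parameters.Add(filter);

        conn.Open();

        // Create and execute the reader; the result rows are not consumed here.
        using (DbDataReader reader = cmd.ExecuteReader())
        {
        }
    }
}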