I am sorry, I wasted the past hour to try to replicate this using the Documentation example I based my code from withour been able to get some (generic) code to share instead of mine.
But, the code of the trouble comes from what the screen shot shows, after all. If you tried to use this syntax, you know if it worked or if you had to change your mind.
the docs are correct. this it the way to avoid injection attack
you have to create your sql string with ? for every parameter and use an array (variant) or a list (sequence of values) that will be used for every ? in strict order
I suggest to use TF_xxxxx.Text.Trim otherwise extraspaces could be added and you could have problems in some query since ‘abc’ is different from ’ abc ’
Something to note… you’re sending an array of strings here, but some of the fields look like they probably contain numbers. Those items should be converted as they’re put into the array, otherwise they’ll have the wrong types when sent to the engine.