
what's the best approach to follow for sql execute

 
 
Ganesh
      29th Jul 2007
Hi There,

What's the better way to follow when we use sql
string sql = "Insert into table(f1,f2) values (@f1, @f2)";

then add and passing parameters or in the first place itself assign the
values to the string
string sql = "Insert into table(f1,f2) values (" + tbName.Text + ", " +
tbCity.Text +");";

Thanks

Ganesh

Jesse Houwing
      29th Jul 2007
* Ganesh wrote, On 29-7-2007 13:31:
> Hi There,
>
> What's the better way to follow when we use sql
> string sql = "Insert into table(f1,f2) values (@f1, @f2)";
>
> then add and passing parameters or in the first place itself assign the
> values to the string
> string sql = "Insert into table(f1,f2) values (" + tbName.Text + ", " +
> tbCity.Text +");";



Adding and passing parameters is the only way to go. You'll be vulnerable
to all kinds of security issues otherwise (read up on SQL injection).

Jesse
 
William Vaughn
      30th Jul 2007
The best approach is to use parameters--unless you're adding a lot of rows.
In this case SqlBulkCopy is far better.

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant, Dad, Grandpa
Microsoft MVP
INETA Speaker
www.betav.com
www.betav.com/blog/billva
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
Visit www.hitchhikerguides.net to get more information on my latest book:
Hitchhiker's Guide to Visual Studio and SQL Server (7th Edition)
and Hitchhiker's Guide to SQL Server 2005 Compact Edition (EBook)
-----------------------------------------------------------------------------------------------------------------------
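
As an added example (not code from any poster in this thread): the parameterized insert recommended in the replies, plus the SqlBulkCopy path for many rows, in C# with System.Data.SqlClient. The connection string, the dbo.People table with its Name and City columns, and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class InsertExamples
{
    // Assumption: placeholder connection string; table dbo.People(Name nvarchar(50), City nvarchar(50)).
    const string ConnStr = "Server=.;Database=Demo;Integrated Security=true";

    // Parameterized insert: the SQL text is a constant, the values travel separately as typed data.
    public static int InsertOne(string name, string city)
    {
        const string sql = "INSERT INTO dbo.People (Name, City) VALUES (@name, @city)";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size instead of relying on type inference from the value.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
            cmd.Parameters.Add("@city", SqlDbType.NVarChar, 50).Value = city;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows affected
        }
    }

    // Many rows: SqlBulkCopy streams a DataTable; again no SQL text is built from the values.
    public static void InsertMany(DataTable rows)
    {
        using (var conn = new SqlConnection(ConnStr))
        using (var bulk = new SqlBulkCopy(conn))
        {
            bulk.DestinationTableName = "dbo.People";
            bulk.ColumnMappings.Add("Name", "Name");
            bulk.ColumnMappings.Add("City", "City");
            conn.Open();
            bulk.WriteToServer(rows);
        }
    }

    static void Main()
    {
        // Constructed input: the apostrophe would end the string literal in a concatenated statement.
        InsertOne("O'Brien", "Cork");

        var table = new DataTable();
        table.Columns.Add("Name", typeof(string));
        table.Columns.Add("City", typeof(string));
        table.Rows.Add("D'Angelo", "Turin");
        table.Rows.Add("Smith", "Leeds");
        InsertMany(table);
    }
}
```

With the concatenated form from the question, the same "O'Brien" value becomes part of the statement text and changes how the server parses it; with parameters or SqlBulkCopy it is stored unchanged.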

 