Mark
Hi all, a quick ADO.NET question regarding the command object.
What are the advantages (if any) of specifying command parameters when
executing a stored procedure over just calling the stored procedure via
dynamic SQL?
// Pseudo code below using dynamic SQL
// Pseudo-code: runs spAddPerson by concatenating sName into the command text.
// SECURITY: sName is spliced between single quotes with no escaping, so a
// quote character inside the value ends the string literal and the remainder
// is parsed as SQL (SQL injection). It also fails on legitimate values that
// contain an apostrophe.
private void InsertPerson(string sName)
{
// Constructor arguments are elided in the original post.
SqlCommand myCommand = new SqlCommand(........
// Build the dynamic SQL: the value becomes part of the statement text itself
// instead of being sent to the server as data.
myCommand.CommandText = "EXEC spAddPerson '" + sName + "'";
// Execute the command against the database; no result set is read back.
myCommand.ExecuteNonQuery();
}
// Pseudo code below using SQL Parameters
// Pseudo-code: passes sName to the command as a typed parameter.
// The value travels through the Parameters collection, so it is bound as data
// and is never parsed as part of the SQL text.
private void InsertPerson(string sName)
{
// Constructor arguments are elided in the original post.
// NOTE(review): CommandText and CommandType are not set in the visible lines;
// presumably the elided arguments supply them - confirm. For a stored
// procedure, the usual form is CommandType.StoredProcedure with the procedure
// name as the command text.
SqlCommand myCommand = new SqlCommand(........
// Declare @Name as VarChar. No length is given here; the Add overload that
// takes a size lets it match the procedure's parameter definition.
myCommand.Parameters.Add("@Name", SqlDbType.VarChar);
// Assign the caller's value to the parameter.
myCommand.Parameters["@Name"].Value = sName;
// Execute the command against the database; no result set is read back.
myCommand.ExecuteNonQuery();
}
Thanks in advance
Mark
What are the advantages (if any) of specifying command parameters when
executing a stored procedure over just calling the stored procedure via
dynamic SQL?
// Pseudo code below using dynamic SQL
// Pseudo-code: runs spAddPerson by concatenating sName into the command text.
// SECURITY: sName is spliced between single quotes with no escaping, so a
// quote character inside the value ends the string literal and the remainder
// is parsed as SQL (SQL injection). It also fails on legitimate values that
// contain an apostrophe.
private void InsertPerson(string sName)
{
// Constructor arguments are elided in the original post.
SqlCommand myCommand = new SqlCommand(........
// Build the dynamic SQL: the value becomes part of the statement text itself
// instead of being sent to the server as data.
myCommand.CommandText = "EXEC spAddPerson '" + sName + "'";
// Execute the command against the database; no result set is read back.
myCommand.ExecuteNonQuery();
}
// Pseudo code below using SQL Parameters
// Pseudo-code: passes sName to the command as a typed parameter.
// The value travels through the Parameters collection, so it is bound as data
// and is never parsed as part of the SQL text.
private void InsertPerson(string sName)
{
// Constructor arguments are elided in the original post.
// NOTE(review): CommandText and CommandType are not set in the visible lines;
// presumably the elided arguments supply them - confirm. For a stored
// procedure, the usual form is CommandType.StoredProcedure with the procedure
// name as the command text.
SqlCommand myCommand = new SqlCommand(........
// Declare @Name as VarChar. No length is given here; the Add overload that
// takes a size lets it match the procedure's parameter definition.
myCommand.Parameters.Add("@Name", SqlDbType.VarChar);
// Assign the caller's value to the parameter.
myCommand.Parameters["@Name"].Value = sName;
// Execute the command against the database; no result set is read back.
myCommand.ExecuteNonQuery();
}
Thanks in advance
Mark