C
Carl Fenley
I'm using MS-Acess 2003 only. This question is not related to SQL Server or
MSDE at all.
Is there any considerable difference in terms of performance, security, or
function between these two examples, one using an SQL statement with the '@'
parameter and the other a stored procedure.
***** Example #1 *****
sqlstmt = "SELECT People " & _
"FROM AllPeople " & _
"WHERE People = @Person"
Dim oleCmd As New OleDbCommand(sqlstmt, OleDbConn)
Dim oleDa As New OleDbDataAdapter(oleCmd)
oleCmd.Parameters.Add("@Person", userInput)
oleDa.Fill(ds)
***** ***** *****
The next example assumes the following stored procedure:
CREATE PROC usp_PeopleByPerson(inPerson VARCHAR(50)) AS SELECT People FROM
AllPeople WHERE People = inPerson
***** Example #2 *****
Dim oleCmd As New OleDbCommand
Dim paramID As New OleDbParameter
oleCmd.CommandText = "EXECUTE usp_PeopleByPerson"
With paramID
.ParameterName = "inPerson"
.OleDbType = OleDbType.VarChar
.Size = 50
.Value = userInput
End With
reader = dbCommand.ExecuteReader(CommandBehavior.CloseConnection)
***** ***** *****
Any comments on this are greatly appreciated.
carl
MSDE at all.
Is there any considerable difference in terms of performance, security, or
function between these two examples, one using an SQL statement with the '@'
parameter and the other a stored procedure.
***** Example #1 *****
sqlstmt = "SELECT People " & _
"FROM AllPeople " & _
"WHERE People = @Person"
Dim oleCmd As New OleDbCommand(sqlstmt, OleDbConn)
Dim oleDa As New OleDbDataAdapter(oleCmd)
oleCmd.Parameters.Add("@Person", userInput)
oleDa.Fill(ds)
***** ***** *****
The next example assumes the following stored procedure:
CREATE PROC usp_PeopleByPerson(inPerson VARCHAR(50)) AS SELECT People FROM
AllPeople WHERE People = inPerson
***** Example #2 *****
Dim oleCmd As New OleDbCommand
Dim paramID As New OleDbParameter
oleCmd.CommandText = "EXECUTE usp_PeopleByPerson"
With paramID
.ParameterName = "inPerson"
.OleDbType = OleDbType.VarChar
.Size = 50
.Value = userInput
End With
reader = dbCommand.ExecuteReader(CommandBehavior.CloseConnection)
***** ***** *****
Any comments on this are greatly appreciated.
carl