Tuesday, February 14, 2012

does using sql parameters speed asp.net code up?

Depends on a lot of things. It's usually more secure than straight SQL code, which is what I'm assuming you're comparing this to. Also, if you are using stored procedures they are a bit speedier on the server side (but I don't know if you'd notice it, depends on the app).

But from a security perspective (to avoid SQL injection attacks), it's a good idea. IMHO

I have a question about parameters then. I have only seen samples for INSERT; how about UPDATE and DELETE?

Here is my insert statement

SQL = "INSERT INTO table1(id, key_data) VALUES (@ID, @key)"

' Bind each value to its named placeholder instead of concatenating it into the SQL text
conn = New SqlConnection(SQLserver)
dbComm2 = New SqlCommand(SQL, conn)
dbComm2.Parameters.Add(New SqlParameter("@ID", Session("id")))
dbComm2.Parameters.Add(New SqlParameter("@key", KeyGeN))

How would I change these for DELETE and UPDATE?

Thanks

Exactly the same... just change your query


update table set col=@var1, col2=@var2 where col3=@var3

then add the variables and their values like you did above

same for delete also

hth
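
The UPDATE and DELETE described in the thread, written out in full as an added example (not code from any of the posters). The column types for table1, the module and function names, and the connection string are assumptions made for illustration.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedWrites
    ' Assumed schema, based on the thread's INSERT: table1(id INT, key_data NVARCHAR(50)).

    ' UPDATE: the new value and the WHERE filter both travel as parameters,
    ' so neither is ever parsed as part of the SQL text.
    Function UpdateKey(connStr As String, id As Integer, newKey As String) As Integer
        Const sql As String = "UPDATE table1 SET key_data = @key WHERE id = @id"
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                ' Explicit type and size keep the parameter signature identical
                ' on every call, which lets the server reuse one cached plan.
                cmd.Parameters.Add("@key", SqlDbType.NVarChar, 50).Value = newKey
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                Return cmd.ExecuteNonQuery() ' number of rows affected
            End Using
        End Using
    End Function

    ' DELETE: same pattern, only the statement and the parameter list change.
    Function DeleteRow(connStr As String, id As Integer) As Integer
        Const sql As String = "DELETE FROM table1 WHERE id = @id"
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Placeholder connection string (assumption); point it at a test database.
        Dim connStr As String = "Server=localhost;Database=TestDb;Integrated Security=True"
        ' Constructed sample value containing a quote and a comment marker:
        ' it is bound as data and stored verbatim in key_data.
        Dim sample As String = "O'Brien; --"
        Console.WriteLine("Updated rows: " & UpdateKey(connStr, 1, sample))
        Console.WriteLine("Deleted rows: " & DeleteRow(connStr, 1))
    End Sub
End Module
```

Checking the ExecuteNonQuery return value is a cheap way to confirm the WHERE parameter matched the row you expected.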
