InstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comWed, 22 May 2013 00:05:26 GMT20http://www.sqlservercentral.com/Forums/Topic1428271-23-1.aspxCan anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you!--METHOD #1-- cmd.CommandText = "spGetInfo" cmd("@InfoID") = CInt(InfoID)) cmd("@Visits") = CInt(1) cmd("@View") = "Full" Set rs = Server.CreateObject("ADODB.Recordset") rs.CursorLocation = 3 rs.CursorType = 3 rs.LockType = 3 rs.Open Cmd --METHOD #2-- cmd.CommandText = "spGetInfo" cmd.CommandType = 4 cmd.Prepared = true cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID)) cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1)) cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full") Set rs = Server.CreateObject("ADODB.Recordset") rs.CursorLocation = 3 rs.CursorType = 3 rs.LockType = 3 rs.Open Cmd--STORED PROCEDURE-- ALTER PROCEDURE [spGetInfo] @InfoID int = 0, @Visits int = 0, @View nvarchar(10) = null AS IF @View = 'Full' BEGIN SELECT * FROM tbInfo WHERE InfoID = @InfoID ENDThu, 07 Mar 2013 14:35:44 GMTgbatta