cmd("@xxx") vs cmd.Parameters.Append cmd.CreateParameter("@xxx")

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » Programming » General » cmd("@xxx") vs cmd.Parameters.Append...

cmd("@xxx") vs cmd.Parameters.Append cmd.CreateParameter("@xxx")

Rate Topic

Display Mode

Topic Options

Author

Message

gbatta

Posted Thursday, March 07, 2013 2:35 PM

Forum Newbie

Group: General Forum Members
Last Login: Friday, March 08, 2013 4:20 AM
Points: 1, Visits: 10

Can anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you!

--METHOD #1--
cmd.CommandText = "spGetInfo"
cmd("@InfoID") = CInt(InfoID))
cmd("@Visits") = CInt(1)
cmd("@View") = "Full"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd

--METHOD #2--
cmd.CommandText = "spGetInfo"
cmd.CommandType = 4
cmd.Prepared = true

cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID))
cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1))
cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full")

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd

--STORED PROCEDURE--
ALTER PROCEDURE [spGetInfo]
@InfoID int = 0,
@Visits int = 0,
@View nvarchar(10) = null

AS

IF @View = 'Full'
BEGIN
SELECT *
FROM tbInfo
WHERE InfoID = @InfoID
END

Post #1428271

« Prev Topic | Next Topic »

Permissions