Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

cmd("@xxx") vs cmd.Parameters.Append cmd.CreateParameter("@xxx") Expand / Collapse
Author
Message
Posted Thursday, March 07, 2013 2:35 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, March 08, 2013 4:20 AM
Points: 1, Visits: 10
Can anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you!


--METHOD #1--
cmd.CommandText = "spGetInfo"
cmd("@InfoID") = CInt(InfoID))
cmd("@Visits") = CInt(1)
cmd("@View") = "Full"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--METHOD #2--
cmd.CommandText = "spGetInfo"
cmd.CommandType = 4
cmd.Prepared = true

cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID))
cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1))
cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full")

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--STORED PROCEDURE--
ALTER PROCEDURE [spGetInfo]
@InfoID int = 0,
@Visits int = 0,
@View nvarchar(10) = null

AS

IF @View = 'Full'
BEGIN
SELECT *
FROM tbInfo
WHERE InfoID = @InfoID
END
Post #1428271
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse