January 1, 2009 at 4:33 am
Hi Friends, This is Sandeep. I have a problem that i am facing in my job that needs to be solved as soon as possible. I want to create a stored procedure that can accept a table name,its fields & corresponding field's values to insert/update in the same table at run-time from c# application (front-end). Plz send me the code or the method how to do that?[font="Courier New"][/font]
January 1, 2009 at 12:54 pm
first read: http://www.sommarskog.se/dynamic_sql.html
Then : this is certainly not a best practice !
Create proper sprocs that serve exactly what they should.
Any "dynamic" part will come to a price.
... but I have many tables my c# has to fill up ..... create as much sprocs a you need, and avoid any dynamic part.
You may gain :
- nicely tight security
- reuse of cached sprocs
- data quality (validation by sproc)
- tuning by dba without c# code adjustment will be possible
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data and code to get the best help
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Who am I ? Sometimes this is me but most of the time this is me
January 1, 2009 at 1:45 pm
ALZDBA (1/1/2009)
first read: http://www.sommarskog.se/dynamic_sql.htmlThen : this is certainly not a best practice !
In addition, make sure you know what SQL injection is and how to prevent it.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply