quote:
all database access should be done with command objects and stored procedures, and not dynamic SQL
Indeed. Unfortunately, there's a ton of code out there that isn't using Command objects. That was the root of the recommendation I made for my friend to pass on.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley