Re: Command obj OR Connection obj
- From: "Paul Baker" <paulb@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 15:17:19 -0500
If you use the Connection.Execute method, you'll have to provide a SQL
statement and will have to be careful about syntax (for example, with
quotes, commas, etc.).
If you use a Command object, you can set each parameter by name using
Command.Parameters. This is safer if the values are beyond your control. It
prevents people from injecting data that looks like SQL and executing
something you hadn't intended.
Other than that, as far as I know, it's just whatever is more convenient for
you.
Paul
"vbXML" <vbXML@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7E04840C-FE1E-4B7A-BAF5-7A9466832AF1@xxxxxxxxxxxxxxxx
>I need to write a com+ class to wrap a Stored Procedure call that update a
> field in a table. I need to pass two parameters to the Stored Proc. What
> is
> best in this case a command object (add params and execute the sp) or use
> a
> 'execute' mtd on the connection object?
> I was wondering if opening a connection explicitly (when using execute mtd
> on connection obj) hinder/lock other users longer? whereas while using the
> command obj I only pass the connection-string to the activeconnection
> property of the command obj(my assumption, connection gets pooled in this
> case)?
> thanks!
.
- Prev by Date: Re: Windows 2003 sp1: Roll back to MDAC 2.8
- Next by Date: Re: VB 2005 and Access Parameter Query Error
- Previous by thread: VB 2005 and Access Parameter Query Error
- Next by thread: OLEDBDataReader has no rows, yet query is fine in Access
- Index(es):
Relevant Pages
|
|
