Re: SQL Statement in C#
- From: "Will" <wdieteri@xxxxxxx>
- Date: 16 Feb 2007 12:47:42 -0800
This is mainly MS-SQL thinking, with other databases(Oracle, db2,etc)
they do not think this way dynamic SQL is the prime method. The
people who have a problem with stored procedures have it with CRUD
statements, if you are doing something that multiple database pulls,
process the data, asking for more database info and then puts out a
simple string or number use a stored procedure the performance is
better then anything dynamic SQL on the client will give.
Now for the prime reason they give for using stored procedures for
CRUD.
Speed. Back in the old days of MS-SQL 6.5 stored procedures would be
compiled and kept around while dynamic would not so you gained a
decent speed increase. Since MS-SQL 7 this has not been the case
parameterized dynamic SQL and stored procedures are treated the same.
Where stored procedures can give a speed boost is that there is a
better chance that the same plan will be use. However stored
procedures use alot of coalease and isnull statements and those are
very CPU intensive.
Security. Compared to other database the security in MS-SQL is
garbage. However with stored procedures you do start to add security
because you only have to give users access to the stored procedures
and not the table themselves. the stored procedures have the
permissions to the tables and that is given internally. For client/
server applications this can be useful since you don't have to any
chance of the user of digging up the password, however with web and
other 3-physical tier designs this is not the case since the user
would not have the direct connections to the database. Also the
previously mentioned SQL injection attacks
That is the basis of it check of the following links for more detailed
talks
http://weblogs.asp.net/fbouma/archive/2003/11/18/38178.aspx
http://www.codinghorror.com/blog/archives/000117.html
On Feb 16, 5:25 pm, Dylan Parry <use...@xxxxxxxxxxxxxx> wrote:
Peter Bradley wrote:
Don't do it. Use astoredprocedure.
I've heard people saying this many times in the past, and while I don't
want to get into the politics of it, I've never used them simply because
I don't know how to! Any pointers for a self-confessed "n00b"?
--
Dylan Parryhttp://electricfreedom.org|http://webpageworkshop.co.uk
Programming, n: A pastime similar to banging one's head
against a wall, but with fewer opportunities for reward.
.
- References:
- Re: SQL Statement in C#
- From: Peter Bradley
- Re: SQL Statement in C#
- From: Dylan Parry
- Re: SQL Statement in C#
- Prev by Date: Re: data size in webBrowser component help...
- Next by Date: Re: Yet another Reflection / Interface Question
- Previous by thread: Re: SQL Statement in C#
- Next by thread: Re: SQL Statement in C#
- Index(es):
Relevant Pages
|
