Re: SQL Statement in C#

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Jay" <nospam>
Date: Mon, 19 Feb 2007 14:10:59 -0000

Much of the discussion in the link you gave is based on how SQL Server pre-compiles/caches.

Is this discussion about whether or not to use stored procedures mainly applicable to SQL Server, or
is it applicable to other database too?

"Chris Dunaway" <dunawayc@xxxxxxxxx> wrote in message
news:1171637916.912957.318710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 16, 8:45 am, Jon Skeet [C# MVP] <s...@xxxxxxxxx> wrote:

Peter Bradley <pbrad...@xxxxxxxxxx> wrote:

Don't do it. Use a stored procedure.

Personally I disagree with the idea of using stored procedures for
everything, unless it's for security reasons. With ORM systems like
Hibernate, you can perform much richer queries directly than are easily
feasible with stored procs unless those procs end up generating dynamic
SQL (which is messy and prone to bugs).

The better alternative is to use a parameterised query - you get the
benefits of the parameters being passed without risk of SQL injection
attacks etc, but without the development/maintenance overhead of having
to add a stored proc for every query.

--
Jon Skeet - <s...@xxxxxxxxx>http://www.pobox.com/~skeet Blog:http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too

I also tend to use parameterized queries but I think this is one of
those "religious" type things with one side saying that stored procs
are "the only true way" and the other side saying they are not.

Here's an interesting article that *doesn't* promote the use of
sprocs:

http://weblogs.asp.net/fbouma/archive/2003/11/18/38178.aspx

I'm not sure I agree with it 100%, but it is an interesting read.

.

Follow-Ups:
- Re: SQL Statement in C#
  - From: Jon Skeet [C# MVP]

References:
- Re: SQL Statement in C#
  - From: Peter Bradley
- Re: SQL Statement in C#
  - From: Jon Skeet [C# MVP]
- Re: SQL Statement in C#
  - From: Chris Dunaway

Prev by Date: Re: [Multipost]
Next by Date: Re: converting string to method, templates question
Previous by thread: Re: SQL Statement in C#
Next by thread: Re: SQL Statement in C#
Index(es):
- Date
- Thread

Relevant Pages

Re: Help understanding Stored proc Level Secuirty?
... Jasper Smith (SQL Server MVP) ... I set permissions to my Stored Procedures, ... Access to stored procs fail ...
(microsoft.public.sqlserver.security)
Re: Dynamically selected columns with column switch option
... the middle tier passes to the stored procs. ... So we are facing a design problem here. ... they might have to add new requests with new column sets. ... broad SELECT statements will force the sql server to produce huge ...
(microsoft.public.sqlserver.programming)
Re: is WITH ENCRYPTION now safe in SQL2005?
... > There are very dissenting opinions on that in the SQL Server community. ... > for one reason or another do not get good support from the vendor. ... How would a safe encryption method be implemented? ... about disassemled stored procs from firebird. ...
(comp.databases.ms-sqlserver)
Re: Encrypting SQL objects
... objects, i.e. Stored procs, Views, triggers. ... engine must be able to read the source code at run to be able to compile ... And if SQL Server has access to it, ...
(microsoft.public.sqlserver.security)
ADO error handling when connecting to SQL Server 2000
... I use Delphi to connect to SQL Server 2000 using the ADO components. ... executing stored procedure that makes some calls to another stored procs. ...
(microsoft.public.sqlserver.programming)