SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Development Tools
 Other Development Tools
 cmd("@xxx") vs cmd.Parameters.Append cmd.CreatePar
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

gbatta
Starting Member

USA
26 Posts

Posted - 03/07/2013 :  20:11:25  Show Profile  Reply with Quote
Can anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you!


--METHOD #1--
cmd.CommandText = "spGetInfo"
cmd("@InfoID") = CInt(InfoID))
cmd("@Visits") = CInt(1)
cmd("@View") = "Full"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--METHOD #2--
cmd.CommandText = "spGetInfo"
cmd.CommandType = 4
cmd.Prepared = true

cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID))
cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1))
cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full")

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--STORED PROCEDURE--
ALTER PROCEDURE [spGetInfo]
@InfoID int = 0,
@Visits int = 0,
@View nvarchar(10) = null

AS

IF @View = 'Full'
BEGIN
SELECT *
FROM tbInfo
WHERE InfoID = @InfoID
END
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000