Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums  Development Tools  Other Development Tools  cmd("@xxx") vs cmd.Parameters.Append cmd.CreatePar

Author  Topic  gbatta Starting Member 26 Posts Posted - 2013-03-07 : 20:11:25 Can anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you! --METHOD #1-- cmd.CommandText = "spGetInfo" cmd("@InfoID") = CInt(InfoID)) cmd("@Visits") = CInt(1) cmd("@View") = "Full" Set rs = Server.CreateObject("ADODB.Recordset") rs.CursorLocation = 3 rs.CursorType = 3 rs.LockType = 3 rs.Open Cmd --METHOD #2-- cmd.CommandText = "spGetInfo" cmd.CommandType = 4 cmd.Prepared = true cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID)) cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1)) cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full") Set rs = Server.CreateObject("ADODB.Recordset") rs.CursorLocation = 3 rs.CursorType = 3 rs.LockType = 3 rs.Open Cmd --STORED PROCEDURE-- ALTER PROCEDURE [spGetInfo] @InfoID int = 0, @Visits int = 0, @View nvarchar(10) = null AS IF @View = 'Full' BEGIN SELECT * FROM tbInfo WHERE InfoID = @InfoID END