
Always use Binding Variables in SQL queries

28 Apr 2011
Thanks for that. In MS SQL Server, I use the following technique to avoid full compile:

SQL
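-- Statement text is built at run time, with the key value appended as a string
DECLARE @sql VARCHAR(100)
DECLARE @pk INT

SET @pk = 2
SET @sql = 'SELECT id, pcname FROM pod WHERE id = ' + CAST(@pk AS VARCHAR)

-- Run the assembled string
EXEC (@sql)

-- or --

EXEC sp_sqlexec @sql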
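
For comparison with the bound-variable approach named in the title, the same lookup can be issued through `sp_executesql` with the values passed as parameters, so the statement text stays identical from call to call and the values are never spliced into it. This is an added example, not code from the original post; the `#pod` temp table, its rows and the `@name` parameter are constructed for illustration.

```sql
-- Added example (not from the original post). Table contents are constructed.
CREATE TABLE #pod (id INT PRIMARY KEY, pcname VARCHAR(50));
INSERT INTO #pod (id, pcname)
VALUES (1, 'lab-01'), (2, 'lab-02'), (3, 'kim''s-laptop');

-- The statement text is a constant: it contains parameter markers, not values.
-- sp_executesql requires Unicode (NVARCHAR) for the statement and the
-- parameter definition list.
DECLARE @stmt   NVARCHAR(200) =
    N'SELECT id, pcname FROM #pod WHERE id = @pk OR pcname = @name';
DECLARE @params NVARCHAR(100) = N'@pk INT, @name VARCHAR(50)';

DECLARE @pk   INT         = 2;
DECLARE @name VARCHAR(50) = 'kim''s-laptop';  -- the embedded quote is plain data

-- Values are bound by name; their types come from @params, so no CAST
-- and no quote escaping is needed.
EXEC sp_executesql @stmt, @params, @pk = @pk, @name = @name;

-- A second call with different values sends exactly the same statement text,
-- which is what lets the server match it against the plan it already holds.
SET @pk   = 1;
SET @name = 'lab-02';
EXEC sp_executesql @stmt, @params, @pk = @pk, @name = @name;

DROP TABLE #pod;
```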

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)