Thanks for the answer. 

Now let me get this right, are you suggesting using prepared statements from
the C# code? Since I have seen some examples of prepared statements used in
stored procedures too.

I understand stored procedures are not the best tool in all situations. But what
if while inserting records, I have certain operations that need to be
executed consecutively. But in case of queries written inside the code, I
have separate database calls and that results in too many database calls.

For example, 
1) I insert data in member table and 
2) Get the "ID" and 
3) Insert a new row in entity table with that "ID". 

I can do all that in one stored proc.

Do you think it's a good idea to use stored procedures for certain cases and
maybe use prepared statements from my C# code in others?

Lastly, from an architecture point of view, is it considered good to have SQL
strings embedded in C# code?
 
Thanks,
Reema

-----Original Message-----
From: James Black [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 28, 2006 10:54 AM
To: rtroiana
Subject: Re: Dynamic queries v/s Stored Procs

rtroiana wrote:

> Although I have the DB code in place as dynamically generated strings in
> code. I might have to do a lot of rework to implement stored procs. Is it
> really worth it to move to stored procs?

  You may want to use prepared statements instead of stored procedures,
as it does protect against SQL injection. It obviously is as much work
to change as a dynamic query, but I don't think stored procedures are
the best tool in all situations.

--
"Love is mutual self-giving that ends in self-recovery." Fulton Sheen
James Black    [EMAIL PROTECTED]

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
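
Added example (not part of the original thread, and not code from either poster): the three-step insert described in the message above, done from C# with parameterized commands inside one transaction. It assumes MySQL Connector/NET, transactional (InnoDB) tables, and hypothetical table and column names.

```csharp
using System;
using MySql.Data.MySqlClient;   // Connector/NET (assumed to be the driver in use)

public static class MemberStore
{
    // Table and column names (member.name, entity.member_id, entity.kind)
    // are hypothetical; the thread does not give the schema.
    public static long AddMemberWithEntity(string connStr, string name, string kind)
    {
        using (var conn = new MySqlConnection(connStr))
        {
            conn.Open();
            using (var tx = conn.BeginTransaction())
            {
                try
                {
                    long memberId;
                    // Step 1: parameterized insert; 'name' is sent as data,
                    // never concatenated into the SQL text.
                    using (var cmd = new MySqlCommand(
                        "INSERT INTO member (name) VALUES (@name)", conn, tx))
                    {
                        cmd.Parameters.AddWithValue("@name", name);
                        cmd.ExecuteNonQuery();
                        // Step 2: the generated ID comes back with the insert
                        // result, so no extra SELECT is issued.
                        memberId = cmd.LastInsertedId;
                    }
                    // Step 3: insert the dependent row with that ID.
                    using (var cmd = new MySqlCommand(
                        "INSERT INTO entity (member_id, kind) VALUES (@id, @kind)", conn, tx))
                    {
                        cmd.Parameters.AddWithValue("@id", memberId);
                        cmd.Parameters.AddWithValue("@kind", kind);
                        cmd.ExecuteNonQuery();
                    }
                    tx.Commit();   // both rows are committed together
                    return memberId;
                }
                catch
                {
                    tx.Rollback(); // neither row is kept if any step fails
                    throw;
                }
            }
        }
    }
}
```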
