Replace all if possible... Patches all security holes that way... If you
have any queries that rely on parameters, you potentially run the risk of
having someone alter your data. Also, the execution plan is saved, thus
saving you time in parsing the query. Performance gain, security... Is
The only queries I have in my templates are for cached queries and then the
query looks like:
<cfquery>
exec usp_whatever
</cfquery>
I am a strong advocate of keeping the database work in the database itself.
I use sp exclusively.
- Original Message -
From: Bosky, Dave [EMAIL PROTECTED]
What's the best practice in using stored procedures, should
they replace all queries or just complex queries?
If possible, I'd replace all inline SQL with stored procedures in an
application. There are gains both in security and performance, if done
right.
Since I feel like being a bit