Stored Procedure always faster?
Message
 
To
28/07/2006 14:55:12
Dragan Nedeljkovich (Online)
Now officially retired
Zrenjanin, Serbia
General information
Forum:
Visual FoxPro
Category:
Client/server
Environment versions
Database:
MS SQL Server
Miscellaneous
Thread ID:
01140442
Message ID:
01141317
Views:
20
>>Mike,
>>
>>You are deluding yourself if you think that ?x is less susceptible to SQL injection attacks.
>>
>>It's a fairly high cost in the overhead of VFP communicating parameters to ODBC, compositing the SQL string yourself runs quite a bit faster.
>
>I doubt VFP is passing parameters to ODBC - I think it's just preprocessing the string from "xxxx xxxx xxxx ?y xxx" to become something like
>
>@var1='content of y'
>xxxx xxxx xxxx @var1 xxx
>and then passing that string to ODBC. And I think VFP composes it faster than we could.

In fact VFP passes parameters to SQL Server. When you use something like:
par1 = 1
SQLEXEC(sqlH,[SELECT .... FROM .... WHERE someFld = ?m.par1])
The actual command passed to SQL Server is:
exec sp_executesql N'SELECT .... from .... WHERE someFld = @P1 ',N'@P1 float',1
Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
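The two forms discussed in this thread, side by side, as an added T-SQL example that is not part of the original post. The temp table, its columns and the input values are constructed for illustration, and the script assumes SQL Server 2008 or later.

```sql
-- Constructed sample data; table, columns and values are assumptions.
CREATE TABLE #customers (id int PRIMARY KEY, name nvarchar(50));
INSERT INTO #customers (id, name)
VALUES (1, N'Adams'), (2, N'Baker'), (3, N'O''Neil');

-- Constructed input standing in for a value typed by a user.
DECLARE @input nvarchar(100) = N'x'' OR 1=1 --';

-- 1) Parameterized: the shape shown in the post for ?m.par1.
--    The statement text is fixed and @P1 travels separately as a typed value,
--    so the quote inside @input is just a character in the string compared
--    against name.
EXEC sp_executesql
     N'SELECT id, name FROM #customers WHERE name = @P1',
     N'@P1 nvarchar(100)',
     @input;

-- 2) Composited by the client: the value is spliced into the statement text.
--    The quote inside @input closes the literal, so OR 1=1 is parsed as part
--    of the WHERE clause instead of being compared against name.
DECLARE @sql nvarchar(400) =
    N'SELECT id, name FROM #customers WHERE name = ''' + @input + N'''';
PRINT @sql;   -- shows the statement text the server will parse
EXEC (@sql);

-- 3) A legitimate value containing a quote: fine as a parameter...
SET @input = N'O''Neil';
EXEC sp_executesql
     N'SELECT id, name FROM #customers WHERE name = @P1',
     N'@P1 nvarchar(100)',
     @input;

--    ...but the composited form fails to parse unless the client doubles
--    every quote before building the string.
SET @sql = N'SELECT id, name FROM #customers WHERE name = ''' + @input + N'''';
BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();
END CATCH;

DROP TABLE #customers;
```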