RE: Dynamic queries v/s Stored Procs - rtroiana - com.mysql.lists.mysql

2 messages in com.mysql.lists.mysqlRE: Dynamic queries v/s Stored Procs

From	Sent On	Attachments
rtroiana	28 Feb 2006 07:45
rtroiana	28 Feb 2006 08:24

Subject:	RE: Dynamic queries v/s Stored Procs
From:	rtroiana (rtro...@bitarmor.com)
Date:	02/28/2006 08:24:42 AM
List:	com.mysql.lists.mysql

Thanks for the answer.

Now let me get this right, are you suggesting using prepared statements from the C# code? Since I have seen some examples of prepared statements used in stored procedures too.

I understand stored procedures are not best tool in all situations. But what if while inserting records, I have certain operations that need to be executed consecutively. But in case of queries written inside the code, I have separate database calls and that results in too many database calls.

For example, 1) I insert data in member table and 2) Get the "ID" and 3) Insert a new row in entity table with that "ID".

I can do all that in one stored proc.

Do you think it's a good idea to use stored procedure for certain cases and may be use prepared statements from my c# code in other.

Lastly, from architecture point of view, is it considered good to have sql string embedded in C# code?

Thanks, Reema

-----Original Message----- From: James Black [mailto:jbl...@ieee.org] Sent: Tuesday, February 28, 2006 10:54 AM To: rtroiana Subject: Re: Dynamic queries v/s Stored Procs

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160

rtroiana wrote:

Although i have the DB code in place as dynamically generated strings in code. I might have to do a lot of rework to implement stored procs. Is it really worth it to move to stored procs?

You may want to use prepared statements instead of stored procedures, as it does protect against sql injection. It obviously is as much work to change as a dynamic query, but I don't think stored procedures are the best tool in all situations.

- -- "Love is mutual self-giving that ends in self-recovery." Fulton Sheen James Black jam...@usf.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEBHIpikQgpVn8xrARAxf+AJ9Vj+IsMrTXAaIYgB3fHrEZPJZv7ACfdu74 flJn+6NSRt5cLZIfRauZUhY= =cUPJ -----END PGP SIGNATURE-----