Optimize Parametrized Queries With ADO Objects

Optimize Parametrized Queries With ADO Objects

When you write Insert statements, it can be difficult to accommodate the possible values end users might enter into a textbox. The most common task is replacing single quotes with double quotes. However, parameterized queries provide two benefits: You do not have to parse data entered by users?except for business rules; and SQL Server 7.0 immediately caches the SQL statement:

 Dim cmd As ADODB.CommandDim prm As ADODB.ParameterSet cmd = New ADODB.CommandSet prm = New ADODB.ParameterWith cmd	.ActiveConnection = CONNECT_STRING	.CommandText = "INSERT INTO employees " & _		"(name) VALUES(?)"	.CommandType = adCmdText	Set prm = .CreateParameter(, adChar, _		adParamInput, 50, Me.txtName.Text)	.Parameters.Append prm	.ExecuteEnd WithSet cmd = NothingSet prm = Nothing


Share the Post: