What is the best way for passing parameters to select command?

Hi

We have a web site for 100 users using SQL Server.
In our DAL all the selections when we need to pass parameters are using
the SqlCommand and they are something like:

SqlCommand com = new SqlCommand();
com.Connection = MyConnection;
com.Transaction = MyTransaction;
com.CommandText = "SELECT CustomerID, CompanyName FROM Customers "
    + "WHERE Country = " + MyCountryVal.ToString() + " AND City = "
    + MyCityVal;
dataReader = com.ExecuteReader();

I want to know if in this kind of commands I will have performance
issues?
Is it better to pass the parameters to the SqlCommand with the
SqlCommand.Parameters command as follows:

command.CommandText =
    "SELECT CustomerID, CompanyName FROM Customers "
    + "WHERE Country = @Country AND City = @City";

// Add each SqlParameter in paramArray to the command.
for (int j = 0; j < paramArray.Length; j++)
{
    command.Parameters.Add(paramArray[j]);
}

Thanks in advance.
Oren.

Jul 20 '06 #1
It's better 'cuz it's about 100000x more secure. Performance isn't an issue
either way.

Karl
--
http://www.openmymind.net/
http://www.codebetter.com/

Jul 20 '06 #2
Err...the command.Parameters is better is what I mean :)

karl

--
http://www.openmymind.net/
http://www.codebetter.com/

Jul 20 '06 #3
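
The difference between the two command styles discussed above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database as a stand-in for SQL Server; the rows, the helper names and both input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in for the thread's Customers table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers "
               "(CustomerID TEXT, CompanyName TEXT, Country TEXT, City TEXT)")
    db.executemany("INSERT INTO Customers VALUES (?, ?, ?, ?)", [
        ("ALFKI", "Alfreds Futterkiste", "Germany", "Berlin"),
        ("AROUT", "Around the Horn", "UK", "London"),
        ("OFALN", "Gateway Supply", "USA", "O'Fallon"),
    ])
    return db

def find_concatenated(db, country, city):
    """'Before' pattern: the values become part of the SQL text.
    Quotes are added around them so that ordinary values work at all."""
    sql = ("SELECT CustomerID, CompanyName FROM Customers "
           "WHERE Country = '" + country + "' AND City = '" + city + "'")
    return db.execute(sql).fetchall()

def find_parameterized(db, country, city):
    """'After' pattern: constant SQL text, values bound separately.
    SQLite's :name placeholders play the role of @Country and @City."""
    sql = ("SELECT CustomerID, CompanyName FROM Customers "
           "WHERE Country = :country AND City = :city")
    return db.execute(sql, {"country": country, "city": city}).fetchall()

def outcome(finder, country, city):
    """Run one finder on a fresh database; report rows or a parser rejection."""
    try:
        return finder(make_db(), country, city)
    except sqlite3.OperationalError:
        return "rejected by SQL parser"

# Constructed inputs: a legitimate city containing an apostrophe, and a
# value whose quote characters rewrite the WHERE clause when concatenated.
CASES = [("USA", "O'Fallon"), ("UK", "x' OR '1'='1")]

if __name__ == "__main__":
    for country, city in CASES:
        print(repr(city))
        print("  concatenated: ", outcome(find_concatenated, country, city))
        print("  parameterized:", outcome(find_parameterized, country, city))
```

With the bound version the apostrophe is just data, so the legitimate city is found and the second value matches nothing; with concatenation the first value breaks the statement and the second returns every row in the table.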
Convert your command into a stored procedure and then pass in
parameters.

If you have optional parameters, e.g. Search on First name or Last name,
you can change your SQL like this.

CREATE PROCEDURE spgUser
(
    @firstName nvarchar(50) = null,
    @lastName nvarchar(50) = null
)
AS

SELECT userID
FROM userTable
WHERE
    (@firstName IS NULL OR firstName = @firstName)
    AND
    (@lastName IS NULL OR lastName = @lastName)

This will also allow this procedure to bring back ALL users if no
params are passed.
If you don't want that simply do an IF test for both being null at the
start or put that logic in your code.

Hope this helps.



Jul 20 '06 #4
<pa*********@corpoflondon.gov.uk> wrote in message
news:11**********************@m79g2000cwm.googlegroups.com...
> WHERE
> (@firstName IS NULL OR firstName = @firstName )
> AND
> (@lastName IS NULL OR lastName = @lastName)

I find the following much easier to read:

WHERE
    firstName = COALESCE(@firstName, firstName)
    AND
    lastName = COALESCE(@lastName, lastName)
Jul 20 '06 #5
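
The two optional-parameter WHERE clauses from the posts above, run side by side, as an added example that is not part of the original thread. It assumes an in-memory SQLite database as a stand-in for SQL Server; the rows, the `search` helper and its `allow_all` flag are hypothetical. It shows the guard against the "no params returns ALL users" case, and that the two forms differ when a column itself holds NULL.

```python
import sqlite3

def make_users():
    """In-memory SQLite stand-in for userTable (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userTable (userID INTEGER, firstName TEXT, lastName TEXT)")
    db.executemany("INSERT INTO userTable VALUES (?, ?, ?)", [
        (1, "Ann", "Lee"),
        (2, "Ann", None),   # lastName is NULL
        (3, "Bob", "Lee"),
    ])
    return db

# Both WHERE clauses from the thread, with :name standing in for @name.
IS_NULL_OR = """SELECT userID FROM userTable
    WHERE (:firstName IS NULL OR firstName = :firstName)
      AND (:lastName IS NULL OR lastName = :lastName)
    ORDER BY userID"""

COALESCE_FORM = """SELECT userID FROM userTable
    WHERE firstName = COALESCE(:firstName, firstName)
      AND lastName = COALESCE(:lastName, lastName)
    ORDER BY userID"""

def search(db, sql, first_name=None, last_name=None, allow_all=False):
    """Run an optional-filter search; refuse the no-filter case unless the
    caller explicitly opts in to listing every user."""
    if first_name is None and last_name is None and not allow_all:
        raise ValueError("at least one search parameter is required")
    params = {"firstName": first_name, "lastName": last_name}
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_users()
    for label, sql in (("IS NULL OR", IS_NULL_OR), ("COALESCE", COALESCE_FORM)):
        print(label, "first_name='Ann':", search(db, sql, first_name="Ann"))
        print(label, "no filters:      ", search(db, sql, allow_all=True))
```

User 2 is missing from the COALESCE results because `lastName = COALESCE(NULL, lastName)` compares NULL with NULL, which is not true.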
Agreed but is there a performance hit?

When we initially went for the solution I wrote many queries like this

(@firstName = firstName OR @firstName IS NULL )

This is A LOT slower than

( @firstName IS NULL OR .....

When @firstName is indeed NULL.
Jul 20 '06 #6
"Paul" <pa*********@corpoflondon.gov.uk> wrote in message
news:11**********************@i3g2000cwc.googlegroups.com...
> Agreed but is there a performance hit?

I don't know - is there...?

> When we initially went for the solution I wrote many queries like this
>
> (@firstName = firstName OR @firstName IS NULL )
>
> This is A LOT slower than
>
> ( @firstName IS NULL OR .....
>
> When @firstName is indeed NULL.

OK - I'll have to take your word for that, as I've never benchmarked it.

Thanks for the tip.
Jul 20 '06 #7
Yes, there is a performance tip...and putting it in a sproc isn't
necessarily the best answer.

While I'm a big fan of sprocs (really big), they aren't any more secure, and
most developers don't realize that in many cases, they can run considerably
slower than inline SQL.

I disagree with the blanket statement of putting it in an sproc - though I do
agree that it should be considered.

Karl

--
http://www.openmymind.net/
http://www.fuelindustries.com/

Jul 20 '06 #8
*tip* --*hit*

--
http://www.openmymind.net/
http://www.fuelindustries.com/

Jul 20 '06 #9
JT
I agree with you. However, some people might point out that an
advantage of stored procedures is that they can be modified without a
code recompile. That may or may not be a concern. I haven't found
that to be a high priority and like the inline parameter approach.

JT

Jul 21 '06 #10
