On Fri, Feb 17, 2012 at 9:03 AM, Ken Dibble <[email protected]> wrote:
>
> Yeah, we can let the DB back-end "do it", if we're willing to give up most
> of the power that dynamic SQL makes available and resort to maintaining
> hundreds of static queries or views. (As I understand it, you can't use ?
> parameters to insert SQL object names, such as those of tables or columns,
> and the ? parameter purists also seem to frown on concatenating those
> things into a query string, even when they can only get there when the user
> picks them out of a read-only list.) But why is it considered a good idea
> to have DB back-ends carry that overhead of internally escaping single quotes?
-------------------


The power of dynamic SQL?

That is running with scissors.

This is how I am handling an update in a VB.net project:

Imports System.Data
Imports System.Data.SqlClient

' Assumes the SqlHelper class from the Microsoft Data Access Application Block
' and the project's own Ring.Encryption and TradingPartnersInfo types.
Public Function Update(ByVal var As TradingPartnersInfo) As Boolean

    Dim sysEnc As New Ring.Encryption

    Try
        ' One SqlParameter per stored-procedure argument. The values travel to
        ' SQL Server separately from the command text, so nothing in them
        ' (quotes included) is ever parsed as SQL.
        Dim params() As SqlParameter = New SqlParameter(12) {}
        params(0) = New SqlParameter("@TradingPartnerID", var.TradingPartnerID)
        params(1) = New SqlParameter("@TradingPartnerQualifier", var.TradingPartnerQualifier)
        params(2) = New SqlParameter("@TradingPartnerDesc", var.TradingPartnerDesc)
        params(3) = New SqlParameter("@Purpose", var.Purpose)
        params(4) = New SqlParameter("@BaanInvLoc", var.BaanInvLoc)
        params(5) = New SqlParameter("@FTPSiteInbound", var.FTPSiteInbound)
        params(6) = New SqlParameter("@FTPSiteOutbound", var.FTPSiteOutbound)
        params(7) = New SqlParameter("@FTPUser", var.FTPUser)
        ' The FTP password is encrypted before it is handed to the database.
        params(8) = New SqlParameter("@FTPPW", sysEnc.EncryptValue(var.FTPPW))
        params(9) = New SqlParameter("@isSterlineCommerce", var.isSterlineCommerce)
        params(10) = New SqlParameter("@Active", var.Active)
        params(11) = New SqlParameter("@dtmAdded", var.dtmAdded)
        params(12) = New SqlParameter("@Contact", var.Contact)
        SqlHelper.ExecuteNonQuery(My.Settings.cnRingEDIEngine, _
                                  CommandType.StoredProcedure, "TradingPartners_upd", params)
        ' Without an explicit Return the function would always yield False.
        Return True
    Catch ex As Exception
        ' Re-throw as an ApplicationException, keeping the original as InnerException.
        Throw New ApplicationException(ex.Message, ex)
    End Try
End Function


You just load up the container "TradingPartnersInfo" and pass it back
to the business tier.



-- 
Stephen Russell

901.246-0159 cell
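An added example (not code from either poster, and not tied to the ProFox project) that demonstrates the two points argued above in one runnable script: values go to the database as bound parameters so a single quote in the data is never parsed as SQL, and identifiers such as a sort column, which cannot be bound, are admitted only from a fixed allowlist. The schema, column names and sample rows are constructed for the example; it uses Python's built-in sqlite3 module so it runs offline.

```python
import sqlite3

# Allowlist of column names that may be spliced into SQL text (constructed
# schema for this example; not the poster's TradingPartners table).
SORTABLE_COLUMNS = {"partner_id", "partner_desc", "active"}


def quote_ident(name: str) -> str:
    """Quote an identifier that has already passed the allowlist check."""
    return '"' + name.replace('"', '""') + '"'


def build_schema(conn: sqlite3.Connection) -> None:
    conn.execute(
        "CREATE TABLE trading_partners ("
        "partner_id INTEGER PRIMARY KEY, partner_desc TEXT, "
        "ftp_user TEXT, active INTEGER)"
    )


def update_partner(conn, partner_id, desc, ftp_user, active) -> int:
    """Update one row; returns the number of rows changed.

    Every value is a bound parameter (the '?' placeholders). The driver
    ships them separately from the statement text, so quotes, semicolons
    or comment markers inside `desc` are stored as plain data.
    """
    cur = conn.execute(
        "UPDATE trading_partners "
        "SET partner_desc = ?, ftp_user = ?, active = ? "
        "WHERE partner_id = ?",
        (desc, ftp_user, int(active), partner_id),
    )
    return cur.rowcount


def list_partners(conn, order_by: str):
    """Return (id, desc) rows ordered by a caller-chosen column.

    A column name cannot be a '?' parameter, so it is checked against the
    allowlist before being spliced into the statement. Any name not on the
    list is rejected, even if it exists in the schema.
    """
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unknown sort column: {order_by!r}")
    sql = (
        "SELECT partner_id, partner_desc FROM trading_partners "
        f"ORDER BY {quote_ident(order_by)}"
    )
    return conn.execute(sql).fetchall()


def demo():
    """Run the whole scenario in memory and return the observable results."""
    conn = sqlite3.connect(":memory:")
    build_schema(conn)
    conn.executemany(
        "INSERT INTO trading_partners VALUES (?, ?, ?, ?)",
        [(1, "Acme", "acme_ftp", 1), (2, "Globex", "globex_ftp", 1)],
    )
    # Constructed input containing a single quote, a terminator and a
    # comment marker; with binding it is just a string.
    tricky = "O'Brien'; -- "
    changed = update_partner(conn, 1, tricky, "obrien_ftp", False)
    stored = conn.execute(
        "SELECT partner_desc FROM trading_partners WHERE partner_id = 1"
    ).fetchone()[0]
    rows = list_partners(conn, "partner_desc")
    # ftp_user is a real column but not on the sortable allowlist.
    try:
        list_partners(conn, "ftp_user")
        rejected = False
    except ValueError:
        rejected = True
    return changed, stored, rows, rejected


if __name__ == "__main__":
    print(demo())
```

The allowlist is the point Ken's message circles around: concatenating an identifier is safe exactly when the program, not the user, decides the set of strings that can ever reach the concatenation, and the check lives next to the query so a later caller cannot bypass it.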

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox