Laurent
Hello,
I'm using SQLClient with SQL Server 2000.
I use batches of SQL statements with parameters (like '@intparam' for
example).
I'd like to know which of the following is true:
1. The input parameter values are always passed at execution time, after the
command has been prepared.
2. The input parameter values are inserted in place of the corresponding
placeholders, then the SQL command text is sent to SQL Server.
I hope it's the first answer, so that:
- The SQL parser doesn't need to parse potentially very long commands.
- SQL command reuse is the most efficient.
- Last but not least: no SQL injection can ever take place!
Thanks,
Laurent