performance question

  • Thread starter Thread starter Michelle
  • Start date Start date
M

Michelle

Is there any performance difference between doing the following with oracle
and oledb:

cmd.CommandText = "insert into mytable (val1, val2, val3) values ('" +
checkforquotes(myval1) + "', '" + checkforquotes(myval2) + "', '" +
checkforquotes(myval3) + "')";

and doing

cmd.CommandText = "insert into mytable (val1, val2, val3) values (?, ?, ?)";
cmd.Parameters.Add("val1", val1);

cmd.Parameters.Add("val2", val2);
cmd.Parameters.Add("val3", val3);


Thanks,

Michelle
 
Michelle said:
Is there any performance difference between doing the following with oracle
and oledb:

cmd.CommandText = "insert into mytable (val1, val2, val3) values ('" +
checkforquotes(myval1) + "', '" + checkforquotes(myval2) + "', '" +
checkforquotes(myval3) + "')";

and doing

cmd.CommandText = "insert into mytable (val1, val2, val3) values (?, ?, ?)";
cmd.Parameters.Add("val1", val1);

cmd.Parameters.Add("val2", val2);
cmd.Parameters.Add("val3", val3);

Short answer, yes. First way: bad. Second way: good.


Long answer, read Expert One-on-One Oracle, by Thomas Kyte and visit
http://asktom.oracle.com
for exhaustive details on why you MUST use bind variables instead of
hard-coding values in SQL.

David
 
Thank you for answering. If you have the time and inclination, I wouldn't
mind hearing the long answer.

Thanks again,

Michelle
 
Oops, I missed the link you gave me. I mistook it for your sig and ignored
it :)
I'll read up on that for the long answer.
Thanks!

Michelle
 
Back
Top