This was supposed to be published last night but for some reason it wasn't...
Looking back, I think it is sort of silly how I put off learning how to use SQL parameters in my ASP.net Projects. It is so much easier than creating dynamic SQL statements in the vb.net code!
To create a dynamic SQL statement, you have to write the SQL statement and store it in a String variable. Then you have to replace the values with other variables in your vb.net and remember to include all the commas, quotation marks, etc. that both vb.net and SQL need to work. Some of my SQL statements can be quite complex and I usually have to spend some time figuring out where I'm missing the comma. Very frustrating.
However, Stored Procedures and SQL Parameters split up your long dynamic SQL statement into parts. This is so much easier to debug!
SQL Server Management Studio has a pretty good template for creating simple Stored Procedures. I managed to piece together the vb.net code from a few different sites I found via Google that I neglected to bookmark. I have my code to look back on, so I am not too worried.
My favorite page on the topic I found has to be one on the Microsoft site. It's a bit older but has some good tips on how to protect your database from SQL injection attacks.
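The difference described above, as an added example (not the code from this project): the same insert built as a dynamic string and as a parameterized stored-procedure call. The `Members` table, the `dbo.AddMember` procedure and its parameters, and the connection string are assumptions made for illustration.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module MemberData
    ' Hypothetical connection string; replace with your own.
    Private Const ConnStr As String =
        "Server=localhost;Database=Memberships;Integrated Security=True"

    ' Dynamic SQL (the "before"): every quote and comma is placed by hand.
    ' A value such as O'Brien closes the string literal early and breaks the
    ' statement; the same gap is what lets input alter the query (SQL injection).
    Function BuildDynamicInsert(lastName As String, email As String) As String
        Return "INSERT INTO Members (LastName, Email) VALUES ('" &
               lastName & "', '" & email & "')"
    End Function

    ' Parameterized call to a stored procedure. Assumed signature:
    '   dbo.AddMember @LastName NVARCHAR(50), @Email NVARCHAR(100)
    ' Values are sent separately from the SQL text, so no quoting is needed
    ' and they are never parsed as SQL.
    Function AddMember(lastName As String, email As String) As Integer
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand("dbo.AddMember", conn)
                cmd.CommandType = CommandType.StoredProcedure
                cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName
                cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 100).Value = email
                conn.Open()
                ' Rows affected, or -1 when the procedure uses SET NOCOUNT ON.
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample values.
        Console.WriteLine(BuildDynamicInsert("O'Brien", "pat@example.com"))
        Console.WriteLine(AddMember("O'Brien", "pat@example.com"))
    End Sub
End Module
```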
I have implemented SQL Parameters in part of the Online Memberships Project and will fully test it out tomorrow morning. Now that I have gotten back on track, the project is going well. Still late, but it will be done!
3 comments:
Wow, and I thought my blog was boring..... :-) J/K But seriously I have no idea what you're talking about LOL!
Unfortunately, this blog is probably going to be more computer programming than gaming.
I don't really have anyone to talk to about this stuff besides my tech assistant at work. So I blog about it instead. :)
And your blog isn't boring. :P