Re: sp_executesql vs. EXECUTE — MsSQL Server

You are here: Re: sp_executesql vs. EXECUTE « MsSQL Server « IT news, forums, messages

Posted by Erland Sommarskog on 12/20/06 22:50

fireball (fireball@onet.kropka.eu) writes:
> please, in simple words, what is difference between :
> sp_executesql
> and
> EXECUTE

sp_executesql gives you the possibility to use parameterised statements,
EXEC() does not. Parameterised statements have two important advantages:

o No risk for SQL injection.
o Better plan reuse in the plan cache.

For more details on this point, I have an article on my web site that
goes into detail on dynamic SQL, http://www.sommarskog.se/dynamic_sql.html.

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

Navigation:

Next in forum: Re: if exists condition..
Prev in forum: Re: Backup Priority level
Thread view: Re: sp_executesql vs. EXECUTE

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация