Results 1 to 5 of 5

Thread: Calling stored procedure in asp - question

  1. Jun 19th, 2009, 12:20 PM #1
    WarrenW
    WarrenW is offline
    Frenzied Member
    Join Date
    Oct 00
    Posts
    1,374

    Question Calling stored procedure in asp - question

    Hi Everyone,

    I've seen a couple ways to do this from an asp page. One is appending the parameters and setting their values. Then I came across another web page that showed it like this:

    Code:
    
'Connection Execute Method String

set connection = server.createobject("adodb.connection")
connection.open someDSN 
Connection.Execute "procname varvalue1, varvalue2"

'Close all objects and set to nothing
connection.close
set connection = nothing

**********************************
'Using Recordset Method
set connection = server.createobject("adodb.connection")
connection.open someDSN 
set rs = server.createobject("adodb.recordset")
rs.Open "Exec procname varvalue1, varvalue2",connection

'Close all objects and set to nothing
rs.close
connection.close
set rs = nothing
set connection = nothing
    In this routine above they are just adding the parameters after the sproc name. And I assume they must be in order as the parameters are defined in the sproc. Is it fine to do it this way? I'm sure others prefer the other way because it looks must more stable by defining each @param name and value.

    Thanks!
    Reply With Quote Reply With Quote
  2. Jun 19th, 2009, 01:59 PM #2
    MarkT
    MarkT is offline
    PowerPoster
    Join Date
    Jun 01
    Location
    Trafalgar, IN
    Posts
    3,480

    Re: Calling stored procedure in asp - question

    I've never seen it done that way. Does it work?
    Reply With Quote Reply With Quote
  3. Jun 19th, 2009, 02:01 PM #3
    WarrenW
    WarrenW is offline
    Frenzied Member
    Join Date
    Oct 00
    Posts
    1,374

    Re: Calling stored procedure in asp - question

    I'll know tonight and let you know.

    Warren
    Reply With Quote Reply With Quote
  4. Jun 19th, 2009, 03:44 PM #4
    techgnome
    techgnome is online now
    PowerPoster techgnome's Avatar
    Join Date
    May 02
    Posts
    21,794

    Re: Calling stored procedure in asp - question

    1) Yes it does work
    2) Is it a fine way to do this? Maybe... if you have something that runs with the same parameters all the time, it's probably OK to hardcode them like that... if you are using user input values as the parameters I DO NOT SUGGEST THIS method.... it's basically the same as concatenating a SQL string and running it blindly. And it is prone to SQL Injection attacks... and can make it harder to track down problems (most common of which is "Why does it take smith but breaks on o'connel"?
    It's better and safer, MUCH SAFER, to use parameters. Did I mention that it's safer to use parameters?

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.-I also subscribe to all threads I participate, so there's no need to pm when there's an update.*
    *Proof positive that searching the forums does work: View Thread *
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *
    * Use Offensive Programming, not Defensive Programming. * On Error Resume Next is error ignoring, not error handling(tm).
    "There is a major problem with your code, and VB wants to tell you what it is.. but you have decided to put your fingers in your ears and shout 'I'm not listening!'" - si_the_geek on using OERN
    Reply With Quote Reply With Quote
  5. Jun 19th, 2009, 03:46 PM #5
    WarrenW
    WarrenW is offline
    Frenzied Member
    Join Date
    Oct 00
    Posts
    1,374

    Re: Calling stored procedure in asp - question

    Thanks - I knew someone would say this which is a good thing. I'll go the other route and set the parameters rather than passing them in like the example shown.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules