Last post Jan 29, 2015 08:38 PM by Edwin Guru Singh
Jan 29, 2015 02:03 AM|RamThilak|LINK
I know it is better to use stored procedure for security than inline query.But i need some advantages of inline query.
Jan 29, 2015 02:18 AM|kaushalparik27|LINK
There would be no advantage, of having bad coding practice. Inline is one of them :)
Jan 29, 2015 02:21 AM|oned_gk|LINK
Jan 29, 2015 08:44 AM|limno|LINK
It is too general to get into hot discussion for this topic. I think you can make a decision based on your situation.
If you are diving into performance, you need to compare your query in different forms with execution plans.
Jan 29, 2015 10:34 AM|JoyceW|LINK
I'm replacing all inline queries for my companies web apps so I am not for inline but... It is much easier to write dynamic, customized queries inline. And your code is right there to debug and test.
Jan 29, 2015 08:38 PM|Edwin Guru Singh|LINK
As per your case, I have been shared my ideas below:
1.In most of the cases, building inline SQL statements using string concatenation is a bad idea.
2.Inline SQL gives you the greatest chance of poor performance, is prone to SQL injection attacks, and makes it difficult to perform maintenance on the underlying database.
3.Any time you might save by writing shorter code that doesn’t create parameter objects will almost certainly be lost when you’re debugging issues with it later on.
4.From the aspects of performance and development speed, there doesn’t appear to be a lot to choose between parameterised inline SQL and stored procedures.
5.Inline SQL is less secure due to compromised accounts being able to directly access tables rather than only being able to perform authorised operations on them
6.Using stored procedures can help to ensure you get the best possible performance, reduces the attack surface, increases maintainability, and improves overall development speed