February 26, 2008 at 2:03 am
Hie,
what is the difference between Sp_Executesql and Exec(sql)?
can some one please guide me ?
thanks in advance
Milan Suman.
February 26, 2008 at 2:36 am
sp_executesql can be parameterized. This is an advantage when you are executing the same statement meny times but with different parameter values. In this case, the execution plan for the parameterized statement is likely to be reused.
Regards,
Andras
February 26, 2008 at 3:54 am
Hie Andras,
If you can explain me more about this with one example.
I will be more happy.
Thanks,
Milan Suman
February 26, 2008 at 10:21 am
When you execute dynamic sql via the sp_executesql method it is parameterized. This means that you can declare variables, within the scope of the dynamic sql. This leads to better performance and query plan reuse. On the other hand, if you use exec ('some sql string'), a new query plan will have to be created and the sql statement has to be compiled each time.
sp_executeSQL should always be used over the exec method because by parameterizing your dynamic SQL you help performance and reduce the risk of SQL injection attack.
More info:
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply