March 24, 2010 at 2:12 am
Hi all,
I need some help with technical information about the right choice for executing stored procedures from client applications: as an RPC or as a T-SQL batch, assuming that the connection library used permits both variants.
What are the pro and contra arguments in the following areas:
1. Performance
2. Security (SQL injection possibilities)
3. Manageability
March 24, 2010 at 9:46 am
If you are using the stored procedure command type, which you should be, then they will be RPC.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
March 30, 2010 at 11:30 am
Thank you for indicating how to execute stored procedures as RPC calls from a client application,
but what I want to know exactly is why I should choose to execute them as RPC and not as a T-SQL batch.
What are the technical benefits and advantages of choosing one option or the other to execute stored procedures?
MSzI
March 30, 2010 at 11:42 am
If you don't use the stored procedure command type and parameters, then you are opening yourself up to SQL injection attacks and aren't following best practices. Every command sent from an application to a SQL Server should be sure to scrub any input from the user before sending it to the database. One way to do that is to parameterize every query, and when you do that, every call becomes an RPC call.
Jack Corbett
Consultant - Straight Path Solutions
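The two call styles discussed in this thread, side by side, as an added example that is not code from any of the posters. It assumes ADO.NET (`System.Data.SqlClient`) as the client library, and the procedure name `dbo.GetCustomersByLastName` and its `@LastName` parameter are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProcCallDemo
{
    // Constructed sample input containing a quote, as a user might type it.
    const string UserInput = "O'Brien";

    // T-SQL batch: the value is concatenated into the statement text, so the
    // server has to parse user input as part of the SQL it executes.
    static SqlCommand AsBatch(string lastName) =>
        new SqlCommand("EXEC dbo.GetCustomersByLastName '" + lastName + "'")
        { CommandType = CommandType.Text };

    // RPC: CommandText is only the procedure name (hypothetical here); the
    // value travels as a typed parameter and is never parsed as T-SQL.
    static SqlCommand AsRpc(string lastName)
    {
        var cmd = new SqlCommand("dbo.GetCustomersByLastName")
        { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName;
        return cmd;
    }

    // Print what each command would hand to the server.
    static void Describe(string label, SqlCommand cmd)
    {
        Console.WriteLine($"{label}: {cmd.CommandType}, text = {cmd.CommandText}");
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine($"  {p.ParameterName} ({p.SqlDbType}, {p.Size}) = {p.Value}");
    }

    static void Main()
    {
        // No connection is opened; the commands are only built and inspected.
        using (var batch = AsBatch(UserInput))
        using (var rpc = AsRpc(UserInput))
        {
            Describe("Batch", batch); // the quote in the input changes the statement text
            Describe("RPC", rpc);     // the statement text is unchanged by the input
        }
    }
}
```

In a server-side trace the first form appears as a SQL batch event and the second as an RPC event, which is a quick way to audit which style an application actually uses. The RPC form protects the call itself; a procedure that concatenates its parameter into dynamic SQL internally is still exposed.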