Unless you live under a rock, you have heard about Stored Procedures. These days, they are more important than ever. Stated simply, Stored Procs provide the following benefits:
1) Performance - the RDBMS can execute Stored Procs much faster than standard SQL Statements.
2) Security - You can restrict a User's access to the execution of Stored Procedures that you write. You can then grant the user Execute Permission to the procedures and grant SELECT/DELETE/INSERT permissions to the procedure. If you are in an environment where your database is accessible from outside your trused domain, this could be the difference between a successful career in IT and flipping burgers.
3) Simplicity - Stored procs encapsulate your logic and allow modifications to be made which are transparent to the end user.
4)There's simply no downside to them and no good reason not to.
Ok, great, so how do I use them.
Examine the code snippet below:
| Try _cn = New SqlConnection(csPublic) _cmd = New SqlCommand("usp_TrackUser", _cn) _cmd.CommandType = CommandType.StoredProcedure _cmd.Parameters.Clear() _cmd.Parameters.Add("@UserName", uid) _cmd.Parameters.Add("@status", stat) _cmd.Parameters.Add("@HostName", HostName) If _cn.State <> ConnectionState.Open Then _cn.Open() _cmd.ExecuteNonQuery() Return 1 Catch ex As System.Exception Return 0 Finally If _cn.State = ConnectionState.Closed Then _cn.Close() End Try |