Parameter Query

[petermeachem]

Not strictly an ASP question.

I came across this method of using a parameter query. It ends up much neater looking than using CreateParameter, so I was wondering if there is a huge snag I have overlooked?

SQLtemp = "SELECT * FROM CustRecords WHERE Cust_UserName = ? AND Cust_Password = ? "

set oCmd = server.CreateObject("ADODB.Command")
oCmd.ActiveConnection = cnn
oCmd.CommandText = SQLtemp
set rst = oCmd.Execute (,Array(cuser,cuserpassword))

 

[Chopstik]

I'm not familiar with CreateParameter. Can you elaborate?

Also, the method you've shown above seems ok. I can't see any problems as you've got it listed.

------------------------------------------------------------------------------------------------------------------------
"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened."
- Winston Churchill

 

[Tarwn]

I've only every seen CreateParameter used for stored procedures, but I guess the logic would be the same. You might want to consider testing the execution time between this and the other method to see which takes longer over a series of executions using the timer() method. Another option would be to grab my benchmark script - several examples if you search for "benchmark" in this forum or you can find a couple links in my archive (linked from my profile).