Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
JimAmigo
Posting Yak Master
119 Posts |
 Posted - 2004-07-16 : 12:29:07
|
| I am looking for a general tutorial on how to pass a variable from an ASP page to a stored procedure. Does anyone know of one or can help me out.Your help is much appreciated. |
|
|
Seventhnight
Master Smack Fu Yak Hacker
2878 Posts |
Posted - 2004-07-16 : 13:03:53
|
| sqlstr = "yourStoredProcedure " & aspVar1 & ", " & aspVar2...etcSet Rs = SqlConnection.execute(sqlstr)don't forget to make sure the data types are correct. If aspVar1 is a string or a date it needs a ' around it.Corey |
 |
|
|
jsmith8858
Dr. Cross Join
7423 Posts |
Posted - 2004-07-16 : 13:18:51
|
| I recommend using a command object and the parameters collection. this way no dynamic SQL is generated, and you're protected from bad data and things like quoting strings and dealing with quotes or comma's in the parameters themselves. Also, that's the only way to return parameters back from stored procedures (OUPUT params).read up on ADO -- I'll see if I can find a link for you.- Jeff |
|
|
|
JimAmigo
Posting Yak Master
119 Posts |
Posted - 2004-07-16 : 14:21:52
|
| Thank you both for your help. I am finding the SQLTEAM forum a wealth of help and information. |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2004-07-17 : 04:08:07
|
| We did some tests on the execute(sqlstr) and the "command object and parameters collection" and the later was about 5% faster.As well as quoting strings, it also makes it much harder for SQL Injection.Kristen |
|
|
|
|
|
|
Pass variable from ASP page to Stored Procedure