sp_executesql issue | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

sp_executesql issue

Hi there!
I was wondering if it makes any difference to execute the sp_executesql system store procedure from a class (written in C#,VB.NET or whatever) or from an user store procedure.
Which of these ways give the best performance?
Thanks in advance
Well, you really shouldn’t use it at all. Dynamic SQL wil not ever perform optimally. It’s also a big security risk. Because of the security risk, I would definitely try to limit it to user stored procedures though which are very controlled. For more information, do a search on google for sql injection. MeanOldDBA
[email protected] When life gives you a lemon, fire the DBA.
To add to Derrick, read this:
http://www.sommarskog.se/dynamic_sql.html
http://www.sommarskog.se/dyn-search.html It’s not all about performance. In fact, I believe people choose an RDBMS mainly because of reliability, but rather performance. Dynamic SQL surely has its place, but it only comes into play when all else fails. It should almost never be first choice. –Frank
http://www.insidesql.de
]]>