In the search for better and better performance, there are many techniques developers can use. A technique used early on by some entry-level or “still learning” developers is to build inline SQL. That looks something like this:
```csharp
string name = "Mark";
string query = "SELECT * FROM users WHERE FirstName='" + name + "'";
OleDbCommand cmd = new OleDbCommand(query);
OleDbDataReader reader = cmd.ExecuteReader();
```
There are steps missing… this is just example code
This is something more seasoned developers learn to avoid almost immediately. There’s a variety of reasons why inline SQL is bad. The most important reason is security.
However, there’s another reason to avoid it. Performance.
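The same lookup written as a parameterized query, as an added example that is not code from the original post. The `UserLookup` and `FindByFirstName` names, the connection string, the 50-character column width and selecting only `FirstName` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

public static class UserLookup
{
    // connectionString is an assumption: any OLE DB data source that
    // contains the users table from the inline-SQL snippet.
    public static List<string> FindByFirstName(string connectionString, string name)
    {
        // The SQL text is a constant. OleDb uses positional "?" placeholders,
        // so parameters are bound in the order they are added.
        const string query = "SELECT FirstName FROM users WHERE FirstName = ?";
        var matches = new List<string>();

        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(query, conn))
        {
            // The value travels as typed data, never as part of the SQL text,
            // so a quote inside it (O'Brien) cannot change the statement.
            // The width of 50 is an assumed column size.
            cmd.Parameters.Add("@name", OleDbType.VarWChar, 50).Value =
                (object)name ?? DBNull.Value;

            conn.Open();
            using (OleDbDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    matches.Add(reader.GetString(0));
                }
            }
        }
        return matches;
    }
}
```

Because the statement text is identical for every value of `name`, the database sees one query shape instead of a new string per lookup.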