Assume that I have a stored procedure in SQL Server named sp_GetData1 with params:
@Input1 int
@Input2 string
This stored procedure will return a datatable. To get the datatable from this stored procedure, I use ADO.NET. To execute this stored procedure, we must provide the param’s name, the param’s sqldatatype, and the param’s value.
I have a question: Can we execute this stored procedure (using ADO.NET) without providing the param’s name and the param’s sqldatatype? That means I only need to provide the values of the parameters, in order.
Thanks.
One way to safely execute a stored procedure without directly specifying the names, direction and type of parameters is to use SqlCommandBuilder.DeriveParameters.
This will retrieve the parameters from the server and create the SqlParameter collection for you. You still need to populate the values on the parameter collection on the command.
There is a performance penalty for going to the server, but at least you don’t have to worry about SQL injection.
The old SQLHelper did this and cached the parameters so it only did it once. Enterprise Library will do the same. Full ORMs also will do similar things for you.
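The approach described in the answer above, as an added C# example that is not part of the original thread: parameters are derived from the server once, cached, and then filled by position, so values always travel as typed parameters and never as concatenated SQL text. The `ProcRunner` class, its `Execute` method and the connection string passed in are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

static class ProcRunner   // hypothetical helper, not a library type
{
    // Derived parameter sets are cached so the metadata round trip
    // to the server happens once per connection string and procedure.
    static readonly ConcurrentDictionary<string, SqlParameter[]> Cache =
        new ConcurrentDictionary<string, SqlParameter[]>();

    public static DataTable Execute(string connectionString, string procName, params object[] values)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(procName, conn) { CommandType = CommandType.StoredProcedure })
        {
            conn.Open();
            SqlParameter[] template = Cache.GetOrAdd(connectionString + ":" + procName, _ =>
            {
                using (var probe = new SqlCommand(procName, conn) { CommandType = CommandType.StoredProcedure })
                {
                    // Asks the server for parameter names, types and directions.
                    SqlCommandBuilder.DeriveParameters(probe);
                    return probe.Parameters.Cast<SqlParameter>().ToArray();
                }
            });

            // A SqlParameter can belong to only one command, so clone the cached ones.
            foreach (SqlParameter p in template)
                cmd.Parameters.Add((SqlParameter)((ICloneable)p).Clone());

            // Skip @RETURN_VALUE; only input-capable parameters take positional values.
            var inputs = cmd.Parameters.Cast<SqlParameter>()
                .Where(p => p.Direction == ParameterDirection.Input
                         || p.Direction == ParameterDirection.InputOutput)
                .ToList();
            if (inputs.Count != values.Length)
                throw new ArgumentException(
                    procName + " expects " + inputs.Count + " value(s), got " + values.Length);
            for (int i = 0; i < values.Length; i++)
                inputs[i].Value = values[i] ?? DBNull.Value;

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
                adapter.Fill(table);
            return table;
        }
    }
}
```

For the procedure in the question, a call would look like `ProcRunner.Execute(connectionString, "sp_GetData1", 42, "abc")`, with the values given in the order the procedure declares @Input1 and @Input2.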