Home/ Questions/Q 7959757
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T04:37:21+00:00

Here, I am confused about stored procedure. HERE, we apply all the data base

  • 0

Here, I am confused about stored procedure. HERE, we apply all the data base related operation into the code :

string query = "insert into accounts(name, opening_balance, category, address, contact_person, phone_number) values("
                                + "'" + account.Name + "',"
                                + account.OpeningBalance + ","
                                + account.Category.Id + ","
                                + "'" + account.Address + "',"
                                + "'" + account.ContactPerson + "',"
                                + "'" + account.PhoneNumber + "')";
            account.Id = SQLiteHelper.ExecuteInsert(query);

Can we apply it in stored procedure? If so: how? What is the advantage of stored procedure over it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    MVVM has nothing to do with your SQL question.

    Basically you should not string together values into a SQL expression, as it allows for the injection of SQL code by the end-user. ie. really bad idea.

    A stored procedure give you more control over the parameters and avoids injection attacks. It also allows you to make subtle changes, e.g. if the database changes slightly, without changing the calling C# code.

    Unfortunately it appears that SQLite does not support store procs, so you may want to vary your approach. Take a look at this link: http://www.sqlite.org/whentouse.html

    If you must stick with SQLite, and not say SQL CE, you will want to add validation checks to your code to ensure SQL statements are not inserted.

    • 0