In my project I need to log all queries executed against my database. As an example we can use the staff user data here. In that class I have a function generating the command with the parameters as follows:
Public Function SQLUpdate(ByVal conn As SqlClient.SqlConnection) As SqlClient.SqlCommand Implements IDbConnected.SQLUpdate
Dim sqlstatement As String = "UPDATE Persons SET Active=@act, Abbreviation=@abbr, FirstName=@first, LastName=@last, " & _
"Birthday=@bday, Email=@email,Tel=@tel, Fax=@fax, Registered=@reg, Admin=@adm"
sqlstatement &= " WHERE ID=" & Me.ID
Dim comm As New SqlClient.SqlCommand(sqlstatement, conn)
With comm.Parameters
.Add("@act", SqlDbType.Bit).Value = Me.Active
.Add("@abbr", SqlDbType.VarChar).Value = Me.Abbreviation
.Add("@first", SqlDbType.VarChar).Value = Me.FirstName
.Add("@last", SqlDbType.VarChar).Value = Me.LastName
.Add("@bday", SqlDbType.SmallDateTime).Value = Me.Birthday
.Add("@email", SqlDbType.VarChar).Value = Me.Email
.Add("@tel", SqlDbType.VarChar).Value = Me.Telephone
.Add("@fax", SqlDbType.VarChar).Value = Me.Fax
.Add("@reg", SqlDbType.Bit).Value = Me.Registered
.Add("@adm", SqlDbType.Bit).Value = Me.Administrator
End With
Return comm
End Function
When I request the command text
comm.CommandText
then I get still the parametrizid query
UPDATE Persons SET Active=@act, Abbreviation=@abbr, FirstName=@first, LastName=@last, Birthday=@bday, Email=@email,Tel=@tel, Fax=@fax, Registered=@reg, Admin=@adm WHERE ID=2
off course I need the query where the parameters are replaced by the values. Is there an easy way to do this or do I need to program a function that does the replacements itsself?
The query goes down to the server with the parameters as parameters (which helps security and query plan re-use). So there is no need for what you ask to exist – and thus it doesn’t.
Personally I wouldn’t replace them, even when logging; I would simply append the name/value pairs when logging it, i.e. log something like: