The other day I was showing a colleague some code I was working on, and in passing he commented on the fact that I have hard-coded SQL statements. Now these SQL statements are extremely static, and the ones that do tend to change I made into views on the database and have a hard-coded ‘select columns from view where ”’ kind of affair.
So my question is what is the best practice in these circumstances?
Is it to add the SQL statements as resources to the project and then call the resource in code? Is there a better approach?
EDIT: In this case I interact with both SQL Server 2005 and Oracle databases using .NET 2.0.
Stored procedures. Prevents all sorts of possible issues with injection, maintenance. Put database code where database code belongs.
ORM tool (like Hibernate, Subsonic, etc.) means you never see a line of T-SQL in the first place. Steeper learning curve, but a great practice to start sooner rather than later.
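
Added example, not part of the question or either answer: a hard-coded statement over a view whose text stays constant while the value is bound as a parameter, for both providers named in the question. The view, column and class names are hypothetical, and it assumes the .NET Framework registrations for `System.Data.SqlClient` and `System.Data.OracleClient`; no connection is opened.

```csharp
using System;
using System.Data;
using System.Data.Common;

static class StaticQueries
{
    const string OracleProvider = "System.Data.OracleClient";

    // Constructed sample: the statement is a compile-time constant over a
    // hypothetical view; {0} is filled only with the provider's parameter marker.
    const string OrdersByCustomer =
        "SELECT order_id, total FROM v_customer_orders WHERE customer_id = {0}cust";

    // Builds the command; caller input reaches the database only as a bound value.
    public static DbCommand Build(string provider, string customerId)
    {
        bool oracle = provider == OracleProvider;
        DbProviderFactory factory = DbProviderFactories.GetFactory(provider);

        DbCommand cmd = factory.CreateCommand();
        cmd.CommandType = CommandType.Text;
        // SqlClient marks parameters with @name, OracleClient with :name.
        cmd.CommandText = string.Format(OrdersByCustomer, oracle ? ":" : "@");

        DbParameter p = factory.CreateParameter();
        // OracleClient expects the name without the colon when the parameter
        // is added to the collection; SqlClient expects the @ prefix.
        p.ParameterName = oracle ? "cust" : "@cust";
        p.DbType = DbType.String;
        p.Value = customerId;
        cmd.Parameters.Add(p);
        return cmd;
    }

    static void Main()
    {
        // Constructed hostile-looking input: it ends up in the parameter value,
        // and the statement text printed first is the unchanged constant.
        DbCommand cmd = Build("System.Data.SqlClient", "42' OR '1'='1");
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine(cmd.Parameters[0].ParameterName + " = " + cmd.Parameters[0].Value);
    }
}
```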