I've got a long sql script that I want to run from my VB code. The script is in a file, say somefile.sql. Any suggestions on how best to do this
running long SQL script in file
Hot Topic
- Fail setup Visual Studio 2005 Beta 2
- Convert Java to VB
- Print a list of Word files or convert them to a single PDF.
- AnalogTVTuningSpace and MSVidCtl
- Object invoked has disconnected from its clients ERROR
- XML editing
- How To make Disconnected Recordset Like in VB 6.0 With VS 2005
- Loading new forms
- Migrate Windows Forms applications to Web Forms
- DataGridView Component
Visual Basic
- API GetUserObjectInformation
- Calling API with "void *"
- multiple users
- Question concerning Visual Basic and online php(and cgi) apps
- DLL PRoblem
- VB6 Upgrade Wizard
- The WebBrowser Control as an HTML Editor
- mdi form problem
- Selecting datagridview cell
- CAN WE USE VB CODE TO CALL other APPLICATIONS' OBJECTS
running long SQL script in file
johnmurray
Open the script file with a stream or file reader, read/parse the file into executable sql statements and execute as a data command object
HTH
MaxWeber
Or use a stored procedure and/or direct Ado.NET using parameters and hence negate the ability for malicious users to use SQL injection.
I won't make a suggestion to which is better, in-line SQL vs. sProcs.....that's a touchy subject for database programmers.
Nick Savoiu
Put the SQL Script into a stored procedure.
Execute the stored procedure.
howardtr
And for heavens sake, do some safety checks! This is a common vulnerability when using SQL.
Suppose you have a textbox, and allow a user to type in the value for a SELECT command.
cmdstring = "SELECT * FROM mytable WHERE name =' " & textbox1.text & " ' "
What do you suppose happens if a malicious user enters:
TOM JONES ' ; DROP TABLE mytable
Thats right... say goodbye to your table! Be darned sure to restrict access to your script file, and/or parse any user inputs for unexpected commands.