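A parameterized command retrieves the entire parent Recordset, but retrieves the child Recordset only when the child column is accessed. This difference in retrieval strategy can bring a useful performance benefit.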
Use parameterized commands and avoid dynamic SQL statements.
In addition to the security benefits, parameterized commands provide a convenient method for organizing values passed with a SQL statement or to a stored procedure.
Using parameterized commands helps guard against SQL injection attacks, in which an attacker "injects" a command into a SQL statement that compromises security on the server.