( XXXX@XXXXX.COM ) writes:
Maybe. But you would need to talk to people who use JRun4 to find out.
However, if you are actually calling stored procedures, and JRun4
generates a temporary stored procedure, there is something fishy. The
best way to call a stored procedure is through RPC, and most client
API - to not say all - provide a means to do that. I would guess that
if JRun4 generates a temporary stored procedure, that you are in fact
composing EXEC statements. This is less efficient, and depening on how
you get parameter values into the command string, you may also be
open to SQL injection.
Erland Sommarskog, SQL Server MVP, XXXX@XXXXX.COM
Books Online for SQL Server 2005 at
Books Online for SQL Server 2000 at