• Hi there...

    We are using .NET (VB .NET) frontend applications to analyse data from SQL Server 2000. We use stored procedures where we can.

    First of all, when using stored procedures through the Command Object and adding Parameters, SQL-Injection is avoided.

    Secondly, by separating the business logic and data logic, more scalability is achieved. If I have a reporting tool that runs stored procedures, and also have the structure of the application in a table, I can easily add new reports as stored procedures to the application, without having to change one piece of VB .NET code.

    Last but not least, I find it easier to work with sp's from .NET than I did working with other environments. Because of this I used to rather build a statement and then just call the DB - not anymore.

    About using DataReader vs. DataSet - I prefer using DataSet, because it gives me the chance to sort and filter in the frontend, even when the connection has been shut. Plus the DataReader can only be used once, and while it is in use the connection is still open. The DataSet gets the resultset, shuts the connection and lets you sort out the rest. It can be used more than once and can even be used to represent relations in the DB between multiple tables. I am normally not a Microsoft fan, but I DO like .NET.

    About those queries you have there, talk to your developers, and see if you can get them to use stored procedures - talk to your boss about the efficiency of separating logic and see if your company can make it a policy.

    Greetings from Germany

    ~nano

    greetings from Germany
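
The pattern described in the post above (a stored procedure called through a Command object with parameters, results loaded into a disconnected DataSet), as an added example that is not part of the original post. The procedure name, parameter names, the `Amount` column and the connection string are assumptions made for illustration, and `Using` needs VB 2005 or later.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ReportRunner
    ' Hypothetical procedure and parameters: dbo.usp_SalesByCustomer,
    ' @CustomerName, @FromDate. Replace with the real report procedure.
    Function RunSalesReport(ByVal connStr As String, ByVal customerName As String,
                            ByVal fromDate As Date) As DataSet
        Dim result As New DataSet()
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand("dbo.usp_SalesByCustomer", conn)
                cmd.CommandType = CommandType.StoredProcedure
                ' Typed, sized parameters: the values are sent as data alongside
                ' the procedure call and are never spliced into SQL text.
                cmd.Parameters.Add("@CustomerName", SqlDbType.NVarChar, 100).Value = customerName
                cmd.Parameters.Add("@FromDate", SqlDbType.DateTime).Value = fromDate
                Using adapter As New SqlDataAdapter(cmd)
                    ' Fill opens the connection, reads the whole result set
                    ' and closes the connection again before returning.
                    adapter.Fill(result, "Sales")
                End Using
            End Using
        End Using
        Return result
    End Function

    Sub Main()
        ' Constructed input containing a quote and a comment marker; it is
        ' compared as a literal customer name, not parsed as SQL.
        Dim input As String = "O'Brien' --"
        ' Assumed connection string for a local test database.
        Dim connStr As String = "Server=(local);Database=Reports;Integrated Security=SSPI;"
        Dim ds As DataSet = RunSalesReport(connStr, input, #1/1/2004#)

        ' Disconnected work: sort and filter with no open connection.
        Dim view As New DataView(ds.Tables("Sales"))
        view.RowFilter = "Amount > 100"
        view.Sort = "Amount DESC"
        Console.WriteLine("{0} rows after filtering", view.Count)
    End Sub
End Module
```

The protection covers the call itself: a procedure that concatenates its parameters into a string and runs it with `EXEC` is still injectable on the server side, so dynamic SQL inside procedures should go through `sp_executesql` with parameters.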