Top
Top
LibraryEASYProcess Reference ManualProcessesServicesDBWorkshopExecuteUpdate

ExecuteUpdate Overview

An “ExecuteUpdate” is a service that can be used to execute a SQL statement against a database.

The benefit of using an ExecuteUpdate to an Update or Delete service, is that you can type out your SQL statement and do complex inserts or deletes with unions and subqueries. The ExecuteUpdate will also be able to run multiple statements. This is useful when you want to break from the EASYProcess provided patterns of other services.

The drawback of an ExecuteUpdate is that EASYProcess isn’t aware of the pattern you are following. EASYProcess is in charge of maintaining the query pattern in services like Update or Delete, so it is able to do things for us, like parameterize the query. In ExecuteUpdate, the developer is responsible for the parameterization of the query.

A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks. These can happen when a value used in the query comes from the page in user entered data. It is good practice to parameterize all filter values, even the hard coded ones. This allows future developers to change the hard coded value to a dynamic one that could come from user input without having to first change the syntax of the query to use parameterization.

Even though the ExecuteUpdate gives the developer full control over the SQL statement that will execute, the ExecuteUpdate EASYProcess service does not expect a response. This means the service could be used for a SELECT statement, but the results will not be returned. If you want the control the ExecuteUpdate gives, but would like to write a SELECT statement, use RunQuery.


ExecuteUpdate Use Examples
Workshop:DBWorkshop
Service:ExecuteUpdate
Inputs
DbType

ConnectionString

Query

ExecutionTimeout

Parameters

Parameter

Name

Value

DataType

ParametersXml

CommandTimeout

Outputs
NoOfRecordsAffected
Query

ExecuteUpdate Use Examples

Insert Into Statement

In this example, the ExecuteUpdate is used to perform an Insert Into statement. The format for a statement like this is:

INSERT INTO table_name (column1, column2, column3, ...)

VALUES (value1, value2, value3, ...);

Multiple Statements in One ExecuteUpdate

Multiple SQL statements can be contained in one ExecuteUpdate service. In the example below, the following statements will run:

  • Update
  • Delete
  • Insert Into (multiple)


Powered by EASYProcess (© 2019 K-Rise Systems, Inc).