An “Update” is a service that can be used to run a SQL update statement. This means the statement targets already existing records in a specified table and will update the values in certain columns of the table in the desired way.
The benefit of using an Update to an ExecuteUpdate (another service that can be used to run an update statement), is that you can enter the desired table and where clause and EASYProcess will build the SQL statement for you. This does not require that the developer be very familiar with the SQL syntax.
Update services build the query for you given the table and where clause. It follows the pattern:
UPDATE [Table] SET [Column1]=[Value1], [Column2]=[Value2], …
The drawback of the Update service is that EASYProcess will always use this pattern and requires that the WhereClause be predefined in the Keys. Sometimes a developer would like to build the update statement based on XSLT functions. A developer also might just feel more comfortable writing the statement themselves which gives more control. In these examples an ExecuteUpdate service might be a better fit.
Since EASYProcess is in charge of maintaining the query pattern in an Update service, it is able to do things for us, like parameterize the query.
A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks. These can happen when a value used in the query comes from the page in user entered data.