ExecuteUpdate Overview

An “ExecuteUpdate” is a service that can be used to execute a SQL statement against a database.

The benefit of using an ExecuteUpdate over an Update or Delete service is that you can type out your SQL statement and do complex inserts or deletes with unions and subqueries. The ExecuteUpdate will also be able to run multiple statements. This is useful when you want to break from the EASYProcess provided patterns of other services.

The drawback of an ExecuteUpdate is that EASYProcess isn’t aware of the pattern you are following. EASYProcess is in charge of maintaining the query pattern in services like Update or Delete, so it is able to do things for us, like parameterize the query. In ExecuteUpdate, the developer is responsible for the parameterization of the query.

A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks. These can happen when a value used in the query comes from user-entered data on the page. It is good practice to parameterize all filter values, even the hard-coded ones. This allows future developers to change a hard-coded value to a dynamic one that could come from user input without having to first change the syntax of the query to use parameterization.
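The difference shows up in a hand-written DELETE with a subquery. This is an added example, not EASYProcess code or syntax: it uses Python's sqlite3 module and its `?` placeholders as a stand-in, and the schema, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory schema: customers and their orders."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, state TEXT);
        INSERT INTO customers VALUES (1, 'a@example.com'), (2, 'b@example.com');
        INSERT INTO orders VALUES (10, 1, 'draft'), (11, 1, 'shipped'),
                                  (20, 2, 'draft'), (21, 2, 'shipped');
    """)
    return db

def delete_drafts_concatenated(db, email):
    """Unsafe: the page value is spliced into the SQL text, so quotes in it
    are parsed as SQL and can change the WHERE clause."""
    sql = ("DELETE FROM orders WHERE state = 'draft' AND customer_id IN "
           "(SELECT id FROM customers WHERE email = '" + email + "')")
    return db.execute(sql).rowcount

def delete_drafts_parameterized(db, email, state="draft"):
    """Safe: the SQL text is fixed and every filter value is bound at
    execution time, including the hard-coded state, so a later change to
    make it dynamic needs no change to the query syntax."""
    sql = ("DELETE FROM orders WHERE state = ? AND customer_id IN "
           "(SELECT id FROM customers WHERE email = ?)")
    return db.execute(sql, (state, email)).rowcount

def remaining(db):
    """Number of order rows still in the table."""
    return db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]

if __name__ == "__main__":
    page_value = "x' OR '1'='1"  # constructed user-entered value, matches no email
    db = make_db()
    print("concatenated deleted:", delete_drafts_concatenated(db, page_value))
    db = make_db()
    print("parameterized deleted:", delete_drafts_parameterized(db, page_value))
    print("orders left:", remaining(db))
```

With the concatenated statement the value rewrites the subquery's filter and every customer's drafts are deleted; with bound parameters the same value is compared as a literal string and matches nothing.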

Even though the ExecuteUpdate gives the developer full control over the SQL statement that will execute, the ExecuteUpdate EASYProcess service does not expect a response. This means the service could be used for a SELECT statement, but the results will not be returned. If you want the control the ExecuteUpdate gives, but would like to write a SELECT statement, use RunQuery.