Insert Overview

An “Insert” is a service that can be used to run a SQL Insert statement. This means the statement will create new records in the specified table.

The benefit of using an Insert to an ExecuteUpdate (another service that can be used to run an Insert statement), is that you can enter the desired table and values and EASYProcess will build the SQL statement for you. This does not require that the developer be very familiar with the SQL syntax.

Insert services build the query for you given the table and values. It follows the pattern:

INSERT INTO [Table] ([Column1], [Column2], ...)

WHERE ([Value1], [Value2], ...)

The drawback of the Update service is that EASYProcess will always use this pattern and requires that the Values be predefined. Sometimes a developer would like to build the Insert statement based on XSLT functions. A developer also might just feel more comfortable writing the statement themselves which gives more control. In these examples an ExecuteUpdate service might be a better fit.

Since EASYProcess is in charge of maintaining the SQL statement pattern in an Insert service, it is able to do things for us, like parameterize the query.

A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks. These can happen when a value used in the query comes from the page in user entered data.