Subject what I have been told about stored procedures and c#
Author marcello miorelli
Hi all,

Someone trying to help me sent me the following message regarding
executing stored procedures with Firebird in the .NET environment.
I use a lot of stored procedures in my applications, so if I cannot
execute them in terms of select, it will be very difficult.
Anyway, if someone has any comment on that,
I will appreciate it a lot.

Hope this message can help many people.
Marcelo Miorelli


I'm not familiar with the Firebird .NET Provider, but with SQL Server,
you can't do something like:

select x from MyStoredProcedure(y, z)

instead you end up using output variables or return values, like this:

output variables:
exec MyStoredProcedure 'xyz', @outputVar = @myLocalVar OUTPUT

return values:
exec @myReturnVariable = MyStoredProcedure 'xyz', 123

When setting up your command, make sure you set the CommandType to
StoredProcedure.

Also, you should use parameters instead of concatenating strings to form
your SQL statement. You're just asking for a SQL Injection. Using
parameters also lets you specify the direction of your parameters as
well (i.e. Output or Input).
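
Added example, not part of the original message: the advice above written with the provider-neutral System.Data.Common classes, with the concatenated call next to the parameterized one. It assumes an already open connection to SQL Server; the procedure name and @outputVar come from the message, while the names @name and @returnValue, the output size and the helper Add are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.Common;

static class StoredProcedureCalls
{
    // Weak form: the caller's value becomes part of the SQL text itself,
    // so a quote character in 'name' changes the statement that is parsed.
    public static DbCommand BuildConcatenated(DbConnection conn, string name)
    {
        DbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "exec MyStoredProcedure '" + name + "'";
        return cmd;
    }

    // Parameterized form: the command text is only the procedure name and
    // every value travels as a typed parameter with an explicit direction.
    public static int CallWithParameters(DbConnection conn, string name, out string outputVar)
    {
        using (DbCommand cmd = conn.CreateCommand())
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "MyStoredProcedure";
            Add(cmd, "@name", DbType.String, ParameterDirection.Input).Value =
                (object)name ?? DBNull.Value;
            DbParameter output = Add(cmd, "@outputVar", DbType.String, ParameterDirection.Output);
            output.Size = 100; // assumed maximum length of the output value
            DbParameter ret = Add(cmd, "@returnValue", DbType.Int32, ParameterDirection.ReturnValue);
            cmd.ExecuteNonQuery();
            outputVar = output.Value as string; // null when the procedure returned NULL
            return Convert.ToInt32(ret.Value);
        }
    }

    // Hypothetical helper: creates a parameter and attaches it to the command.
    static DbParameter Add(DbCommand cmd, string name, DbType type, ParameterDirection dir)
    {
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = type;
        p.Direction = dir;
        cmd.Parameters.Add(p);
        return p;
    }
}
```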