Blog Post
DanielWillis
2 years agoValued Contributor
Good topic, I don't see this done enough in the wild. I agree that its much more readable. I also feel a lot more comfortable when I'm implementing more secure code (re: sql injection) even in a low risk environment such as OS.
To go one step further on the readability front, I don't entirely understand why people use StringBuilder in these situations and I'd love to be shown the light if there is some. I only understand the benefits of StringBuilder when compared to making many concatenations to a string (e.g. via a loop).
I find this code much more readable. I also like that I can copy the SQL for testing without having to remove x.appends.= and quotes all over the place
' use Decimals everywhere, its what OneStream cells also contain in .CellAmount
Dim someAmount as Decimal = 123.456
Dim myQuery As String
myQuery = "SELECT * FROM vStageSourceAndTargetDataWithAttributes
WHERE RawAmount < @myThreshold"
Dim parameters As New List(Of DbParamInfo)
parameters.Add(New DbParamInfo("myThreshold", someAmount))
Dim result As DataTable = BRApi.Database.ExecuteSql(dbconn, myQuery, parameters, False)
Feel free to send swag 😁