I'm currently creating a frontend for searching information in a MSSQL database and I'm facing the problem that it is so slow when I use a statement with placeholders and SqlParameter, that it runs into a timeout. Using the variable directly (string.Format, which is of course prone to SQL-Injection attacks) is fast, so I'm guessing it has to do with the SqlParameter.
The database has the following format and contains about 115.000.000 entries:
Code:
CREATE TABLE ExampleTable ( ID INT NOT NULL, Name VARCHAR(128) NOT NULL DEFAULT '', Class CHAR(1) NOT NULL DEFAULT 'M', PRIMARY KEY (ID) );
- Set ArithAbort ON
- Use explicit datatypes for the SqlParameter
Code:
string searchName = "%SomeValue%"; SqlConnection connection = new SqlConnection(string.Format("Data Source={0};Database={1};Trusted_Connection=true", CONNECTION_SERVER, CONNECTION_DATABASE)); connection.Open(); new SqlCommand("SET ARITHABORT ON;", connection).ExecuteNonQuery(); using (SqlCommand command = new SqlCommand("SELECT TOP 100 ID, Name FROM dbo.ExampleTable WHERE Name LIKE [at]Name;", connection)) // Replace [at] with @, Elitepvpers replaces it with some [mention] tag { command.Parameters.Add(new SqlParameter("Name", SqlDbType.VarChar, 128)).Value = searchName; List<ExampleClass> names = new List<ExampleClass>(); using (SqlDataReader reader = command.ExecuteReader()) // This is where the timeout occurs. { while (reader.Read()) { names.Add(new ExampleClass((int)reader[0], (string)reader[1])); } } // Do something with List<ExampleClass> names. }
Code:
// ... using (SqlCommand command = new SqlCommand(string.Format("SELECT TOP 100 ID, Name FROM dbo.ExampleTable WHERE Name LIKE '{0}';", searchName), connection)) // ...
Do you have any more tips what I can do?
Thanks in advance,
Mi4uric3