
SQL Server Compact 3.5 SP2, ADO parameterized queries crash by Gaute.1


Status: Closed as Won't Fix


Type: Bug
ID: 679650
Opened: 7/17/2011 4:46:36 AM
Access Restriction: Public
Workaround(s): 0
User(s) who can reproduce this bug: 6

Description

The attached native test-application crashes when using more than one parameter in a SQL statement. The same code works fine on SQL Server 2008.

ADO with Provider=Microsoft.SQLSERVER.CE.OLEDB.3.5
Visual Studio 2010 SP1
32bit C++ application on Windows 7 Ultimate x64
Details
Posted by Christian Hund on 3/26/2013 at 2:52 AM
I got the same issue.
I would rate this bug as important, since parameterized queries are the recommended way to prevent some SQL injection attacks. Which other ways to prevent SQL injections are offered by MS for ADO / SQL CE?
Posted by Microsoft on 2/18/2013 at 11:19 AM
Hi,
Thank you very much for your feedback on this issue. SQL Server Compact Edition is in deprecation mode with no new releases planned in the near future. The last release, SQL CE 4.0 SP1 (and earlier releases that are still in the support cycle), will continue to be supported through its lifecycle, and Microsoft is committed to fixing any major, production-blocking issues found in these releases. At this point, we don't consider this issue to be in that category and hence we are closing this issue.
On the desktop/laptop deployments, migrating to SQL Server LocalDB/SQL Express is a possible option for many of the current users (http://msdn.microsoft.com/en-us/library/hh510202.aspx)

thanks for your support
Microsoft SQL Server
Posted by jamome on 10/26/2011 at 5:19 PM
Also, my parametrization logic works fine against Access (Jet), which I actually don't use anymore because of SQLCE! The only thing that I don't like about SQLCE is the param issues. Any chance this will be fixed in SQLCE 4.1? It's been a while since 4.0 shipped, is future development of SQLCE dead?!? I sure hope not since it's a fantastic advancement over Jet.
Posted by jamome on 10/25/2011 at 10:38 AM
I also am having lots of issues with SQLCE, ADO, MFC and parametrized queries. My parameterization logic works fine when I run my application against SQL Server.

With SQLCE it's a "no go". I had to write de-parameterization logic, which loops through each param and builds a formatted SQL statement (CString) which is then executed. This adds extra overhead, but is all I can do since SQL CE param seems broken with C++/MFC/ADO.

If there are special requirements for SQLCE params, we need a whitepaper or some form of a guide.
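
Added example, not code from this thread or from the attached test application: a C++ sketch of how inline binding of the kind described in the comment above can be done so that values cannot break out of their literal. The names `SqlValue`, `to_literal` and `bind_inline` are hypothetical, and it assumes T-SQL literal rules (`N'...'` with doubled single quotes) and a developer-written template with no comments or bracketed identifiers containing `?`.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <variant>
#include <vector>

// A bound value: NULL, 64-bit integer, or Unicode text (hypothetical type).
using SqlValue = std::variant<std::monostate, std::int64_t, std::wstring>;

// Render one value as a T-SQL literal. Text becomes N'...' with every single
// quote doubled; embedded NULs are refused rather than silently dropped.
std::optional<std::wstring> to_literal(const SqlValue& v) {
    if (std::holds_alternative<std::monostate>(v)) return std::wstring(L"NULL");
    if (const auto* n = std::get_if<std::int64_t>(&v)) {
        std::wstring s = std::to_wstring(*n);
        // Parenthesise negatives so "x - ?" cannot turn into a "--" comment.
        return *n < 0 ? L"(" + s + L")" : s;
    }
    std::wstring out = L"N'";
    for (wchar_t c : std::get<std::wstring>(v)) {
        if (c == L'\0') return std::nullopt;
        out += c;
        if (c == L'\'') out += c;  // ' -> ''
    }
    out += L'\'';
    return out;
}

// Replace each ? marker in the template with a literal, in one left-to-right
// pass so a '?' inside a substituted value is never rescanned as a marker.
// Fails closed (nullopt) on a marker/value count mismatch or an unclosed quote.
std::optional<std::wstring> bind_inline(const std::wstring& tmpl,
                                        const std::vector<SqlValue>& params) {
    std::wstring out;
    std::size_t next = 0;
    bool in_quote = false;
    for (wchar_t c : tmpl) {
        if (c == L'\'') in_quote = !in_quote;  // '' toggles twice: still inside
        if (c != L'?' || in_quote) { out += c; continue; }
        if (next == params.size()) return std::nullopt;  // too few values
        auto lit = to_literal(params[next++]);
        if (!lit) return std::nullopt;
        out += *lit;
    }
    if (in_quote || next != params.size()) return std::nullopt;
    return out;
}
```

Replacing the first `?` once per parameter in a loop, instead of the single pass used here, would let a `?` inside an earlier value absorb a later parameter.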
Posted by Microsoft on 10/18/2011 at 3:09 AM
Thanks for logging the issue. We will investigate the issue and post back the results of the investigations.

Regards,

Ambrish
Posted by Yves.63 on 8/26/2011 at 8:36 AM
Same problem on Windows Vista 32bits - SQL Server Compact 3.5 SP1 and SP2
File Name Submitted By Submitted On File Size  
testAdoCE.zip 7/17/2011 11 KB