SQL Server Compact 3.5 SP2, ADO parameterized queries crash - by Gaute.1

Status: Won't Fix

Due to several factors the product team decided to focus its efforts on other items.

A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID: 679650
Status: Closed
Type: Bug
Repros: 6
Opened: 7/17/2011 4:46:36 AM
Access Restriction: Public


The attached native test-application crashes when using more than one parameter in a SQL statement.  The same code works fine on SQL Server 2008.

ADO with Provider=Microsoft.SQLSERVER.CE.OLEDB.3.5
Visual Studio 2010 SP1
32bit C++ application on Windows 7 Ultimate x64
Posted by Christian Hund on 3/26/2013 at 2:52 AM
I got the same issue.
I would rate this bug as important, since parameterized queries are the recommended way to prevent some SQL injection attacks. Which other ways to prevent SQL injections are offered by MS for ADO / SQL CE?
Posted by Microsoft on 2/18/2013 at 11:19 AM
Thank you very much for your feedback on this issue. SQL Server Compact edition is in deprecation mode with no new releases planned in the near future. The last release, SQL CE 4.0 SP1 (and earlier releases that are still in the support cycle), will continue to be supported through its lifecycle and Microsoft is committed to fix any major, production blocking issues found in these releases. At this point, we don't consider this issue to be in that category and hence we are closing this issue.
On the desktop/laptop deployments, migrating to SQL Server LocalDB/SQL Express is a possible option for many of the current users (http://msdn.microsoft.com/en-us/library/hh510202.aspx).

Thanks for your support
Microsoft SQL Server
Posted by jamome on 10/26/2011 at 5:19 PM
Also, my parametrization logic works fine against Access (Jet), which I actually don't use anymore because of SQLCE! The only thing that I don't like about SQLCE is the param issues. Any chance this will be fixed in SQLCE 4.1? It's been a while since 4.0 shipped, is future development of SQLCE dead?!? I sure hope not since it's a fantastic advancement over Jet.
Posted by jamome on 10/25/2011 at 10:38 AM
I also am having lots of issues with SQLCE, ADO, MFC and parametrized queries. My parameterization logic works fine when I run my application against SQL Server.

With SQLCE it's a "no go". I had to write de-parameterization logic, which loops through each param and builds a formatted SQL statement (CString) which is then executed. This adds extra overhead, but is all I can do since SQL CE param seems broken with C++/MFC/ADO.

If there are special requirements for SQLCE params, we need a whitepaper or some form of a guide.
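
The de-parameterization workaround described in the comment above brings back the injection risk that parameters remove unless every value is rendered as a typed literal. An added example, not code from this report or its commenters: `SqlParam`, `quoteText`, `renderParam` and `bindInline` are hypothetical names, and it assumes `?` placeholders in a developer-written template that contains no SQL comments or bracketed identifiers with quotes.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical typed parameter: only integers and text are supported.
struct SqlParam {
    enum Kind { Int, Text } kind;
    long long i;
    std::string s;
    static SqlParam integer(long long v) { return {Int, v, ""}; }
    static SqlParam text(const std::string& v) { return {Text, 0, v}; }
};

// Text becomes a quoted literal: every single quote is doubled, NUL is rejected.
std::string quoteText(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\0') throw std::invalid_argument("NUL in text parameter");
        if (c == '\'') out += "''"; else out += c;
    }
    return out + "'";
}

// Integers are rendered from the numeric value, never from caller-supplied text.
std::string renderParam(const SqlParam& p) {
    return p.kind == SqlParam::Int ? std::to_string(p.i) : quoteText(p.s);
}

// Replace each '?' outside a string literal with the next rendered parameter.
// The template is scanned once, so a '?' or quote inside a value is never
// re-interpreted as a placeholder or as a literal delimiter.
std::string bindInline(const std::string& tmpl, const std::vector<SqlParam>& params) {
    std::string out;
    std::size_t next = 0;
    bool inLiteral = false;
    for (char c : tmpl) {
        if (c == '\'') inLiteral = !inLiteral;  // a doubled '' toggles twice
        if (c == '?' && !inLiteral) {
            if (next == params.size()) throw std::invalid_argument("too few parameters");
            out += renderParam(params[next++]);
        } else {
            out += c;
        }
    }
    if (inLiteral) throw std::invalid_argument("unterminated literal in template");
    if (next != params.size()) throw std::invalid_argument("too many parameters");
    return out;
}
```

Dates, binary and floating-point values need their own typed renderers; passing them through `text` would change their meaning in the statement.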
Posted by Microsoft on 10/18/2011 at 3:09 AM
Thanks for logging the issue. We will investigate the issue and post back the results of the investigations.


Posted by Yves.63 on 8/26/2011 at 8:36 AM
Same problem on Windows Vista 32-bit - SQL Server Compact 3.5 SP1 and SP2