ADO.NET performance tip
When you create a SqlParameter in an ADO.NET application you can noticeably improve performance simply by specifying the parameter's data type (a value from the SqlDbType enumeration). When the type is stated explicitly the data provider does not have to infer it from the value or convert the value before sending it. Since data access is typically the most expensive thing an app does, especially in ASP.NET, anything that speeds up the data access layer has an outsized effect on overall performance.
Not using parameterized queries? You should. If you do not, you are opening your app up to SQL injection. Parameterization is what closes that hole: the value travels separately from the SQL text and is never parsed as part of the statement. Specifying the data type helps here too, because a value that does not fit the declared type (say, non-numeric text in an Int parameter) is rejected on the client before anything reaches the server. Compare this line of code:
' Vulnerable: whatever the user typed is concatenated straight into the SQL text
objSQLCmd = New SqlCommand("UPDATE [TableName] SET [ColumnName] = " & _
    UserInput.Text & " WHERE [ColumnName2] = @SQLparam2", objSQLConn)
Not only does that force a type conversion on every call, but a user can type SQL into that text box and your app will dutifully hand it to SQL Server as part of the statement. If you do this instead:
objSQLCmd = New SqlCommand("UPDATE [TableName] SET [ColumnName] = " & _
    "@SQLparam1 WHERE [ColumnName2] = @SQLparam2", objSQLConn)
' Typed parameter: no conversion on the client, and the value is never parsed as SQL
objSQLCmd.Parameters.Add("@SQLparam1", SqlDbType.NVarChar, 50).Value = UserInput.Text
you can give each parameter an explicit type, and your app will be both faster and far less vulnerable.
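The two forms side by side, as an added example that is not code from the original post. The table, column and control names (Orders, Quantity, OrderId, Customers, Name, CustomerId) and the connection string are assumptions for illustration only. The hardened functions parse the input on the client and pass every value as a typed SqlParameter; the variable-length case matches the column's type and width so that SqlClient does not infer an NVarChar parameter (its default for a .NET String) that the server would then have to convert against a VarChar column.

```vb
' Added example: vulnerable concatenation beside the typed-parameter form.
' All table, column and connection details below are assumed for illustration.
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module ParameterDemo

    ' Vulnerable: user input is pasted into the SQL text, so input such as
    '   0; DROP TABLE [Orders] --
    ' becomes part of the statement the server executes.
    Public Function BuildUnsafeCommand(conn As SqlConnection, userInput As String, id As Integer) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE [Orders] SET [Quantity] = " & userInput & " WHERE [OrderId] = @id", conn)
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    ' Hardened: the statement text is fixed; every value travels as a typed parameter,
    ' so the provider sends it separately and it can never be parsed as SQL.
    ' An explicit SqlDbType also means no conversion on the client and a stable,
    ' reusable plan on the server.
    Public Function BuildSafeCommand(conn As SqlConnection, userInput As String, id As Integer) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE [Orders] SET [Quantity] = @qty WHERE [OrderId] = @id", conn)

        ' Parse on the client: non-numeric input is rejected here, before anything hits the server.
        Dim qty As Integer
        If Not Integer.TryParse(userInput, qty) Then
            Throw New ArgumentException("Quantity must be an integer.", "userInput")
        End If

        cmd.Parameters.Add("@qty", SqlDbType.Int).Value = qty
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    ' Variable-length case: declare the column's own type and width. Without this,
    ' SqlClient infers NVarChar sized to the value, and a VarChar column on the server
    ' then needs an implicit conversion on every row it compares against.
    Public Function BuildNameUpdate(conn As SqlConnection, name As String, id As Integer) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE [Customers] SET [Name] = @name WHERE [CustomerId] = @id", conn)
        cmd.Parameters.Add("@name", SqlDbType.VarChar, 100).Value = name
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    Sub Main()
        ' Assumed connection string; adjust for your own server and database.
        Using conn As New SqlConnection("Server=.;Database=Shop;Integrated Security=true")
            conn.Open()
            Dim rows As Integer = BuildSafeCommand(conn, "3", 42).ExecuteNonQuery()
            Console.WriteLine("Rows updated: " & rows.ToString())
        End Using
    End Sub

End Module
```

Passing "0; DROP TABLE [Orders] --" to BuildUnsafeCommand yields a statement the server will happily run; passing it to BuildSafeCommand throws before a command is even built, and any value that does get through is bound to an Int parameter that SQL Server never parses as text.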