views: 24
answers: 2

Good night,

I have a method in which I need to select from an SQLite database a value obtained by querying the database with two strings. The strings are passed to the method, and inside the method I do some string concatenation to build SQLiteCommand.CommandText. What surprises me is that, even with string concatenation, and despite the fact that everyone says parameterized queries are faster than string concatenation, when I parameterize this query outside the method and only assign values to the parameters inside the method itself, it runs much slower (3ms compared to 7/8ms)... Am I doing something wrong, or is this normal?

Outside the method I have the following code:

ComandoBD = new SQLiteCommand(@"SELECT Something FROM SomeTable WHERE (Field1 = @TextField1 AND Field2 = @TextField2)", LigacaoBD);

Inside the method I just write

ComandoBD.Parameters.AddWithValue("@TextField1", StringWithValue1);
ComandoBD.Parameters.AddWithValue("@TextField2", StringWithValue2);

Strangely, this runs faster:

ComandoBD.CommandText = "SELECT Something FROM SomeTable WHERE (Field1 = '" + StringWithValue1 + "' AND Field2 = '" + StringWithValue2 + "')";

Thank you very much.

A: 

Parameterized queries aren't faster than hand coding sql. The reason they are used is that they offer many of the same security benefits as using stored procedures. Don't add strings together to make sql with text box input...other developers will think you are slow in the brain.

How about you add in all of the code required to sanitize your string input and then see if it still runs faster =)

wllmsaccnt
A: 

Compiled queries (which are parameterized) are definitely faster, since they only need to be parsed once. So if you are executing the same statement many times but with different values, then it will be faster.

pm100
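The two points raised above, that spliced-in values change the statement's structure and that a bound statement is parsed once and reused, shown side by side as an added example that is not part of the question or either answer. It uses Python's sqlite3 module instead of System.Data.SQLite (the SQLite behaviour is the same), with a constructed in-memory table in place of the poster's SomeTable; the row values, the :f1/:f2 parameter names and the helper function names are all assumptions.

```python
import sqlite3
import timeit

SQL_PARAM = "SELECT Something FROM SomeTable WHERE (Field1 = :f1 AND Field2 = :f2)"


def make_db():
    # Constructed in-memory table standing in for the poster's SomeTable.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SomeTable (Something TEXT, Field1 TEXT, Field2 TEXT)")
    conn.executemany("INSERT INTO SomeTable VALUES (?, ?, ?)",
                     [("alpha", "a", "b"), ("beta", "O'Brien", "x")])
    return conn


def lookup_concat(conn, v1, v2):
    # String-splicing version: the values become part of the SQL text, so every
    # distinct input is a new statement SQLite has to parse, and any quote in
    # the data changes the statement's structure.
    sql = ("SELECT Something FROM SomeTable WHERE (Field1 = '" + v1
           + "' AND Field2 = '" + v2 + "')")
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, v1, v2):
    # Bound version: the SQL text never changes, so sqlite3 reuses the prepared
    # statement from its cache and only binds the new values on each call.
    return [row[0] for row in conn.execute(SQL_PARAM, {"f1": v1, "f2": v2})]


def concat_breaks_on_quote(conn):
    # A legitimate value with an apostrophe is enough to break the spliced
    # query; the bound query simply returns the matching row.
    try:
        lookup_concat(conn, "O'Brien", "x")
        return False
    except sqlite3.OperationalError:
        return lookup_param(conn, "O'Brien", "x") == ["beta"]


def time_both(conn, n=5000):
    # n lookups, each with a distinct second value: every spliced query is new
    # SQL text to parse, every bound query reuses one cached prepared statement.
    concat = timeit.timeit(lambda: [lookup_concat(conn, "a", f"v{i}") for i in range(n)], number=1)
    param = timeit.timeit(lambda: [lookup_param(conn, "a", f"v{i}") for i in range(n)], number=1)
    return {"concat_s": concat, "param_s": param}


if __name__ == "__main__":
    db = make_db()
    print("quote breaks concat, bound works:", concat_breaks_on_quote(db))
    print(time_both(db))
```

The timing dictionary is there to compare on your own machine; with two fixed input strings both styles hit the statement cache, which is one reason a two-value micro-benchmark like the one in the question can mislead.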