What is the best strategy to avoid hard coded SQL statements

Question

The other day I was showing a colleague some code I was working on, and in the passing he commented on the fact that I have hard coded SQL statements. Now these SQL Statements a

Answer 1

It really depends on your data model and what permissions you have to the database. I've been to companies who do not allow their .Net developers to write Stored Procs and only allow a select group of database developers to do such.

Like Frakkle mentioned, if your data model doesn't change often, then most likely the hard coded statements won't be a problem.

There are ways to parametrize your hard coded sql statements if you don't use Stored Procedures or an ORM tool. This is a recommended practice.

If you are using MSSql 2005+ then, from what I've seen and tested, your hard coded statements will have their execution plans still cached. There are also hints that can be used (like OPTIMIZE FOR UNKNOWN) that will help it out the performance even more.

Evaluate your environment and the amount of change at the data layer and you should be ok either way you go.