Can anyone tell me if the following two methods of sending information to a store procedure are behaving in the same way? Is there a benefit to one over the other, mostly in terms of security? Both ways work for me, I'm just wondering what the difference is. Thank you!


--METHOD #1--
cmd.CommandText = "spGetInfo"
cmd("@InfoID") = CInt(InfoID))
cmd("@Visits") = CInt(1)
cmd("@View") = "Full"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--METHOD #2--
cmd.CommandText = "spGetInfo"
cmd.CommandType = 4
cmd.Prepared = true

cmd.Parameters.Append cmd.CreateParameter("@InfoID", 3, 1, 4, CInt(InfoID))
cmd.Parameters.Append cmd.CreateParameter("@Visits", 3, 1, 4, CInt(1))
cmd.Parameters.Append cmd.CreateParameter("@View", 200, 1, 30, "Full")

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = 3
rs.CursorType = 3
rs.LockType = 3
rs.Open Cmd


--STORED PROCEDURE--
ALTER PROCEDURE [spGetInfo]
@InfoID int = 0,
@Visits int = 0,
@View nvarchar(10) = null

AS

IF @View = 'Full'
BEGIN
SELECT *
FROM tbInfo
WHERE InfoID = @InfoID
END