|
>From my basic understanding of how this works, the big thing is not toThe idea is to avoid stuff like having MyKey set to "'a'; delete * from MyTable; commit" passed as a user string.
dynamically build the SQL statements. Do not do:
"Select * from MyTable where MyKey = " + passedkeyfield;
Instead, make use of the host variables.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.