>Just wondering 'out loud' about the possibility of a VFP9 database's stored procedures being susceptible to SQL-Injection attacks from an ADO.NET client. I'm torn between stored procs and dynamic SQL, and if VFP9 stored procs via OLEDB/ADO.NET are not any safer than dynamic SQL, I may as well do dynamic SQL, know what I mean?
>
>All comments welcome.
>
>Thanks!
Steve,
Can you give an SQL injection sample for VFP? IMHO either dynamic or stored procedure it is the coder who can create a vulnerability (and actually in SQL server too).
Cetin