Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Problem with an insert
Message
From
31/05/2006 10:12:16
Mike Yearwood
Toronto, Ontario, Canada
 
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: Problem with an insert
Miscellaneous
Thread ID:
01126129
Message ID:
01126157
Views:
13
>>Pass it as parameter and you should have no problems at all:
>>
>>ldDate = DATE()
>>lcSql  = [INSERT INTO MyTable (MyDateTimeField) VALUES (?m.ldDate)]
>>
>True. But if you would want to convert it for whatever reason, what format should we use?
>

IMO, this conversion of values into a string which is then sent to SQL Server leaves the door open for SQL Injection Attacks. Passing parameters is safe. No user input "sanitizing" required, either.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform