Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Problem with an insert
Message
De
31/05/2006 10:12:16
Mike Yearwood
Toronto, Ontario, Canada
 
 
À
31/05/2006 10:02:56
Naomi Nosonovsky
Wisconsin, États-Unis
Information générale
Forum:
Visual FoxPro
Catégorie:
Codage, syntaxe et commandes
Titre:
Re: Problem with an insert
Divers
Thread ID:
01126129
Message ID:
01126157
Vues:
18
>>Pass it as parameter and you should have no problems at all:
>>
>>ldDate = DATE()
>>lcSql  = [INSERT INTO MyTable (MyDateTimeField) VALUES (?m.ldDate)]
>>
>True. But if you would want to convert it for whatever reason, what format should we use?
>

IMO, this conversion of values into a string which is then sent to SQL Server leaves the door open for SQL Injection Attacks. Passing parameters is safe. No user input "sanitizing" required, either.
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform