Problem with an insert
To: Mike Yearwood, Toronto, Ontario, Canada
31/05/2006 10:12:16
Forum: Visual FoxPro
Category: Coding, syntax & commands
Thread ID: 01126129
Message ID: 01126164
>>>Pass it as parameter and you should have no problems at all:
>>>
>>>ldDate = DATE()
>>>lcSql  = [INSERT INTO MyTable (MyDateTimeField) VALUES (?m.ldDate)]
>>>
>>True. But if you would want to convert it for whatever reason, what format should we use?
>>
>
>IMO, this conversion of values into a string which is then sent to SQL Server leaves the door open for SQL Injection Attacks. Passing parameters is safe. No user input "sanitizing" required, either.

I'm not sure what exactly you mean here and how it can open this door. However, I haven't worked with SQL Server for ~3 years, so I can take your word for it.
If it's not broken, fix it until it is.
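
How converting values into the statement string opens that door, compared with passing them as parameters. This is an added example, not code from the thread: Python's `sqlite3` stands in for the SQL Server connection, and the `Note` column and the input values are constructed for illustration.

```python
import sqlite3
from datetime import date


def make_db():
    """In-memory stand-in for the server table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MyTable (MyDateTimeField TEXT, Note TEXT)")
    return db


def insert_concatenated(db, when, note):
    """Values are converted to text and spliced into the SQL statement."""
    sql = ("INSERT INTO MyTable (MyDateTimeField, Note) "
           "VALUES ('" + when.isoformat() + "', '" + note + "')")
    db.execute(sql)


def insert_parameterized(db, when, note):
    """Statement text is fixed; values travel separately as parameters."""
    db.execute("INSERT INTO MyTable (MyDateTimeField, Note) VALUES (?, ?)",
               (when.isoformat(), note))


def rows(db):
    return db.execute(
        "SELECT MyDateTimeField, Note FROM MyTable ORDER BY rowid").fetchall()


def demo():
    when = date(2006, 5, 31)
    crafted = "x'), ('1900-01-01', 'forged"  # constructed user input

    a = make_db()
    insert_concatenated(a, when, crafted)    # input is parsed as SQL
    b = make_db()
    insert_parameterized(b, when, crafted)   # input stays a single value

    try:
        # Even an innocent apostrophe changes how the statement parses.
        insert_concatenated(make_db(), when, "O'Brien")
        apostrophe_broke_statement = False
    except sqlite3.OperationalError:
        apostrophe_broke_statement = True
    return rows(a), rows(b), apostrophe_broke_statement


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the string-built statement the one submitted value produces two rows, the second never intended by the application; with parameters it is stored verbatim as one value.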

