Mike Yearwood
Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Environment versions
SQL Server: SQL Server 2000
>>You can create the SQL in a stored procedure like that, but since you're going to call sp_ExecuteSQL you still have to watch out for SQL Injection attacks. I just finished an article for FPA on the proper way to prevent them. Keep an eye out for it.
>
>
>Good point. Had thought of that but in this case there is very low risk as it is in an Intranet and this particular function is only used by Admins to create some info for users to see.
I like consistency. I outline a technique in that article which can be used every time. Now when I don't use it, my skin crawls. :)
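
The point raised in this thread, dynamic SQL built inside a stored procedure and run through sp_executesql, shown as an added example that is not part of the original posts and is not the technique from the article mentioned, which this page does not show. It puts a concatenated call beside a parameterized one. The table, procedure and parameter names are hypothetical, and the syntax is kept to what SQL Server 2000 accepts.

```sql
-- Hypothetical table, constructed for this example.
CREATE TABLE dbo.UserNotices (
    NoticeID int IDENTITY(1,1) PRIMARY KEY,
    Author   nvarchar(50)  NOT NULL,
    Body     nvarchar(400) NOT NULL
)
GO

-- Weak form: the caller's value is spliced into the statement text, so
-- sp_executesql compiles whatever the concatenation produced.
CREATE PROCEDURE dbo.FindNotices_Concat
    @Author nvarchar(50)
AS
    DECLARE @sql nvarchar(4000)
    SET @sql = N'SELECT NoticeID, Body FROM dbo.UserNotices WHERE Author = N'''
             + @Author + N''''
    EXEC sp_executesql @sql
GO

-- Hardened form: the statement text is fixed and the value travels as a
-- typed parameter, so it is never parsed as SQL.
CREATE PROCEDURE dbo.FindNotices_Param
    @Author  nvarchar(50),
    @SortCol sysname = N'NoticeID'
AS
    DECLARE @sql nvarchar(4000)
    -- Identifiers cannot be passed as parameters: check the name against
    -- an allow-list, then bracket it with QUOTENAME before concatenating.
    IF @SortCol NOT IN (N'NoticeID', N'Author')
    BEGIN
        RAISERROR('Invalid sort column.', 16, 1)
        RETURN 1
    END
    SET @sql = N'SELECT NoticeID, Body FROM dbo.UserNotices '
             + N'WHERE Author = @pAuthor ORDER BY ' + QUOTENAME(@SortCol)
    EXEC sp_executesql @sql, N'@pAuthor nvarchar(50)', @pAuthor = @Author
    RETURN 0
GO

-- Constructed input: an ordinary name containing a quote character.
-- The concatenated procedure fails with a syntax error because the quote
-- ends the string literal early; the parameterized one treats it as data.
EXEC dbo.FindNotices_Concat @Author = N'O''Brien'
EXEC dbo.FindNotices_Param  @Author = N'O''Brien', @SortCol = N'Author'
```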