Mike Yearwood
Toronto, Ontario, Canada
Category: Coding, syntax & commands
>I'm not an expert in Access, but you should continue to use the question marks. That makes the values parameters. Concatenating user content into SQL commands is the classic newbie mistake that leads to SQL Injection Attacks.
As long as her home development computer is not acting as a publicly available web server the probability of an SQL Injection attack is 0.
Furthermore, the data is retrieved from a FoxPro table, therefore it's not clean `user content`. This allows for preprocessing of the data within that table before it is inserted into the Access database.
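An added example, not part of the original posts: it copies the same rows from a source table into a destination table twice, once with concatenated SQL and once with the `?` placeholders the quoted reply refers to. Python's `sqlite3` stands in for the Access connection and a list of tuples for the FoxPro table; the table, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the FoxPro source table.
SOURCE_ROWS = [
    ("Ann Lee", "regular"),
    ("Pat O'Brien", "regular"),       # ordinary apostrophe in a name
    ("Sam', 'vip') --", "regular"),   # stored text that happens to contain SQL syntax
]


def make_dest():
    """Create an empty in-memory destination table (stand-in for Access)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, tier TEXT)")
    return db


def copy_concatenated(rows):
    """Build each INSERT by string concatenation; return (stored rows, errors)."""
    db, errors = make_dest(), []
    for name, tier in rows:
        sql = ("INSERT INTO customers (name, tier) VALUES ('"
               + name + "', '" + tier + "')")
        try:
            db.execute(sql)
        except sqlite3.Error as exc:
            # The value's own quote characters broke the statement.
            errors.append((name, str(exc)))
    return db.execute("SELECT name, tier FROM customers").fetchall(), errors


def copy_parameterized(rows):
    """Pass values as parameters; the driver never parses them as SQL."""
    db = make_dest()
    db.executemany("INSERT INTO customers (name, tier) VALUES (?, ?)", rows)
    return db.execute("SELECT name, tier FROM customers").fetchall()


if __name__ == "__main__":
    stored, errors = copy_concatenated(SOURCE_ROWS)
    print("concatenated :", stored, "| failed:", [n for n, _ in errors])
    print("parameterized:", copy_parameterized(SOURCE_ROWS))
```

With concatenation one row fails outright and another is stored with a different name and tier than the source held; with parameters all three rows arrive unchanged.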