How to use dates in WHERE in SQL Server
To
10/06/2008 17:14:22
Cetin Basoz
Engineerica Inc.
Izmir, Turkey
General information
Forum:
Microsoft SQL Server
Category:
Other
Miscellaneous
Thread ID:
01322704
Message ID:
01322943
>>
>>Thank you for the explanation. Do I understand correctly that when you use the "?parameter" approach you are not opening the database to the public? And when you are sending a SQL string to be executed on the server, you are?
>
>Yes, with the parameter approach your calls are immune to attack. With the string-building approach you let people do anything that the connected user could do (like querying sensitive data, deleting tables, ...).
>Cetin

I understand. Thank you for a valuable lesson.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham
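
The difference discussed in this thread, shown as an added example that is not part of the original messages: the same date filter written with string building and with a bound parameter. It assumes an in-memory SQLite database as a stand-in for SQL Server; the `orders` table, its rows and the function names are constructed for illustration.

```python
import sqlite3
from datetime import date


def make_db():
    # Constructed sample data; in-memory SQLite stands in for SQL Server.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (id INTEGER, customer TEXT, order_date TEXT)")
    con.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "2008-06-09"), (2, "bob", "2008-06-10"), (3, "carol", "2008-06-11")],
    )
    return con


def orders_on_built(con, day):
    # String building: the caller's text becomes part of the SQL statement,
    # so a quote character in it changes the WHERE clause itself.
    sql = "SELECT id FROM orders WHERE order_date = '" + day + "' ORDER BY id"
    return [row[0] for row in con.execute(sql)]


def orders_on_param(con, day):
    # Parameter: the statement text is fixed and the value is bound as data,
    # so it is only ever compared against order_date.
    sql = "SELECT id FROM orders WHERE order_date = ? ORDER BY id"
    return [row[0] for row in con.execute(sql, (day,))]


def validated_day(text):
    # Input check in front of the query: accept only a real ISO date.
    # Raises ValueError for anything else.
    return date.fromisoformat(text).isoformat()


if __name__ == "__main__":
    con = make_db()
    hostile = "2008-06-10' OR '1'='1"  # constructed input for the comparison
    print("built, normal :", orders_on_built(con, "2008-06-10"))
    print("param, normal :", orders_on_param(con, "2008-06-10"))
    print("built, hostile:", orders_on_built(con, hostile))
    print("param, hostile:", orders_on_param(con, hostile))
```

With the constructed input, the string-built query returns every row, while the parameterized query treats the whole string as a date value and matches nothing.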