Mike Yearwood
Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Category: Stored procedures, Triggers, UDFs
Environment versions
SQL Server: SQL Server 2008
>>m.lcParameter = "something to be injected"
>>
>>Here I add the parameter to the string:
>>lcSQL = "select * from table where field = ?lcParameter"
>>
>>vs
>>
>>Here I add the parameter value to the string:
>>lcSQL = "select * from table where field = '" + m.lcParameter + "'"
>>
>>The difference is obvious.
>
>Why are you showing a VFP sample? Also, I know that; are you explaining it for Brandon?
Naomi
Don't be dense. I don't want to get into an argument with you, because you might steal my password and break into my account - as you did to Andy Kramek - and who knows what mischief you'll do then.
I originally replied to Brandon, not you, because IMO your statement was unclear. You protested that your phrasing was clear. Obviously you did not appreciate the difference between your phrasing and mine. I provided an example to you because you asked. The language I use to provide the example is irrelevant, as long as you and I understand it so the distinction can be made.
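The distinction the quoted VFP lines draw (a bind placeholder versus splicing the value into the SQL text) can be run end to end. The following is an added example, not code from this thread, written in Python against an in-memory SQLite database rather than VFP or SQL Server; the table, its rows and the injected string are constructed sample data, and the behaviour shown (the concatenated query returns every row for an injected value and breaks on a legitimate apostrophe, the parameterized query does neither) is the same with a SQL Server driver.

```python
import sqlite3

# Constructed sample rows standing in for the "table" in the thread's example.
ROWS = [("alice",), ("bob",), ("carol",), ("o'brien",)]

# Constructed attacker input: closes the quoted literal and adds a tautology.
INJECTED = "x' or '1'='1"


def make_db():
    """Create an in-memory table with the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table t (field text)")
    con.executemany("insert into t (field) values (?)", ROWS)
    return con


def query_concatenated(con, value):
    """Vulnerable form: the value becomes part of the SQL text, as in
    lcSQL = "... where field = '" + m.lcParameter + "'".
    Anything the value contains is parsed as SQL."""
    sql = "select field from t where field = '" + value + "'"
    return sorted(r[0] for r in con.execute(sql))


def query_parameterized(con, value):
    """Safe form: '?' is a bind placeholder (the analogue of ?lcParameter).
    The driver sends the value separately from the statement text, so it is
    compared as data and can never change the query's structure."""
    sql = "select field from t where field = ?"
    return sorted(r[0] for r in con.execute(sql, (value,)))


def demo():
    """Run both forms with an honest value, an injected value and a value
    that legitimately contains an apostrophe; return the results."""
    con = make_db()
    try:
        concat_apostrophe = query_concatenated(con, "o'brien")
    except sqlite3.OperationalError as exc:
        # The stray quote breaks the statement; on a server this surfaces as
        # a syntax error, which is also the first thing an attacker probes for.
        concat_apostrophe = "error: " + str(exc)
    return {
        "concat_honest": query_concatenated(con, "alice"),
        "concat_injected": query_concatenated(con, INJECTED),
        "concat_apostrophe": concat_apostrophe,
        "param_honest": query_parameterized(con, "alice"),
        "param_injected": query_parameterized(con, INJECTED),
        "param_apostrophe": query_parameterized(con, "o'brien"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it, the concatenated query returns all four rows for the injected value and raises a syntax error for "o'brien", while the parameterized query returns no rows for the injected string and exactly one row for "o'brien": the placeholder keeps the value from ever being read as SQL, which is the whole difference.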