Level Extreme Platform
Sp_executesql and sql injection
Message
From: 18/05/2011 17:24:22
To: 18/05/2011 09:17:36
Mike Yearwood
Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Category: Stored procedures, Triggers, UDFs
Environment versions
SQL Server: SQL Server 2008
Application: Web
Miscellaneous
Thread ID: 01510894
Message ID: 01511039
Views: 68
>>>m.lcParameter = "something to be injected"
>>>
>>>Here I add the parameter to the string:
>>>lcSQL = "select * from table where field = ?lcParameter"
>>>
>>>vs
>>>
>>>Here I add the parameter value to the string:
>>>lcSQL = "select * from table where field = '" + m.lcParameter + "'"
>>>
>>>The difference is obvious.
>>
>>Why are you showing a VFP sample? Also, I know that; are you explaining it for Brandon?
>
>Naomi
>
>Don't be dense. I don't want to get into an argument with you, because you might steal my password and break into my account - as you did to Andy Kramek - and who knows what mischief you'll do then.
>

Shame on you. :(

>I originally replied to Brandon, not you, because IMO your statement was unclear. You protested that your phrasing was clear. Obviously you did not appreciate the difference between your phrasing and mine. I provided an example to you because you asked. The language I use to provide the example is irrelevant, as long as you and I understand it so the distinction can be made.
.·*´¨)
.·`TCH
(..·*

010000110101001101101000011000010111001001110000010011110111001001000010011101010111001101110100
"When the debate is lost, slander becomes the tool of the loser." - Socrates
Vita contingit, Vive cum eo. (Life Happens, Live With it.)
"Life is not measured by the number of breaths we take, but by the moments that take our breath away." -- author unknown
"De omnibus dubitandum"
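The distinction drawn in the quoted VFP snippet, carried over to the thread's subject, sp_executesql on SQL Server 2008, as an added example that is not part of the original thread or any poster's code; the procedure, table and column names (dbo.Customers, CustomerId, CustomerName) are assumptions.

```sql
-- Added example, not from the thread. Assumed schema: dbo.Customers(CustomerId, CustomerName).

-- Concatenation: the caller's value becomes part of the SQL text, so a quote
-- in the value ends the string literal and whatever follows is parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Concat
    @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT CustomerId, CustomerName FROM dbo.Customers '
             + N'WHERE CustomerName = ''' + @Name + N'''';
    EXEC (@sql);
END;
GO

-- Parameterization: the SQL text is fixed; the value is handed to
-- sp_executesql as a typed parameter and is only ever compared as data.
CREATE PROCEDURE dbo.FindCustomer_Param
    @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, CustomerName FROM dbo.Customers WHERE CustomerName = @p';
    EXEC sp_executesql @sql, N'@p nvarchar(100)', @p = @Name;
END;
GO

-- Constructed input: an ordinary name that happens to contain an apostrophe.
EXEC dbo.FindCustomer_Param  @Name = N'O''Brien';  -- finds O'Brien; the quote is just a character
EXEC dbo.FindCustomer_Concat @Name = N'O''Brien';  -- syntax error: the quote broke the statement text
-- Every value the concatenating procedure receives is parsed as SQL; that is the injection surface.
-- Object names cannot be parameters: if a table or column name must be dynamic,
-- check it against an allow-list and wrap it with QUOTENAME() before concatenating.
```

The concatenating version fails on a legitimate name for the same reason it is exploitable: the server cannot tell where the value ends and the statement resumes.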