>>>Look at SQLEXEC() function.
>>>
>>>Also, it's bad practice to embed parameters into your sql query. It opens you up to SQL injection attacks.
>>
>>
http://xkcd.com/327/>
>I have always loved this XKCD.
>
>Technically he's wrong. He should say parameterize but sanitize fits in the space better :)
>
>
http://select-into.blogspot.com/2011/01/little-bobby-tables.htmlThanks for the link - that's the most concise explanation of strategies for migitation of SQL Injection I've ever seen.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
