Insert into SQL with a '

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Insert into SQL with a '

Message

21/08/2019 13:42:29

Mark Hardiman
Kernel Software
Ireland, Irlande

21/08/2019 12:52:39

Cetin Basoz
Engineerica Inc.
Izmir, Turquie

Information générale

Forum:

Visual FoxPro

Catégorie:

Base de données, Tables, Vues, Index et syntaxe SQL

Titre:

Re: Insert into SQL with a '

Divers

Thread ID:

01670208

Message ID:

01670220

Vues:

>>>>Try to use parameters instead:
>>>>

>>>>text to lcSQLCommand noshow
>>>>Insert into Contacts ([Contact Name]) 
>>>>values (?m.lcName)
>>>
>>>endtext
>>>
>>>>SQLEXEC(m.lnSQLHandler, m.lcSQLcommand)

>>
>>... and to add to why you may want to use parameters (aside from the original question about problem caused by apostrophe within name):
>>https://www.w3schools.com/sql/sql_injection.asp
>>https://xkcd.com/327/
>
>Thanks but I am already aware why I would want to use parameters :) I assume you meant to send to Mark instead.
Thanks all.
~M

Go raibh maith agat

~M

Répondre

Fil

Voir

Click here to load this message in the networking platform