Query SQL using variables.


Mr. Arnold

Tom Shelton said:
There may be no harm in his particular case. But, why do you want to
teach someone a method that can be a potential security risk in another
context - especially without telling them so? To me it is the same as
warning people to use Option Strict On. It's not strictly necessary,
but it is a bad practice - except in rare circumstances. The OP could
just as easily have used a parameterized query in this case (you don't have
to make a stored proc to take advantage of parameters). And not only
would he gain the advantage of not having to worry about proper quoting
and SQL injection attacks - but might have gotten a little speed boost
if this query is executed multiple times - since SQL Server caches the
execution paths of parameterized queries, just as it does stored procs.

I am not teaching him anything. I gave him a solution to his problem. If
this blew his mind, then I wouldn't be going too much beyond that at this
time.
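The two approaches the thread contrasts, shown side by side as an added example that is not part of any post above. The Customers table, its CustomerId and LastName columns, and the 50-character NVarChar length are assumptions made for the illustration.

```vbnet
' Added example (not from the thread). Assumes a hypothetical Customers table
' with CustomerId and LastName (nvarchar(50)) columns.
Imports System.Data
Imports System.Data.SqlClient

Module CustomerQueries

    ' "Using variables" by string concatenation: the caller's value becomes part
    ' of the SQL text itself, so quoting rules and SQL injection are left to the
    ' caller. Kept here only for comparison with the parameterized version.
    Public Function BuildConcatenatedSql(ByVal lastName As String) As String
        Return "SELECT CustomerId, LastName FROM Customers WHERE LastName = '" & lastName & "'"
    End Function

    ' Parameterized version: the SQL text is constant and the value travels
    ' separately as a typed parameter. No stored procedure is needed, and
    ' SQL Server can reuse the cached plan across calls with different values.
    Public Function FindCustomersByLastName(ByVal connectionString As String,
                                            ByVal lastName As String) As DataTable
        Dim result As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(
                    "SELECT CustomerId, LastName FROM Customers WHERE LastName = @LastName", conn)
                ' Declare the type and length explicitly so the parameter matches
                ' the column; this avoids the implicit conversions AddWithValue
                ' can introduce and keeps the cached plan stable.
                cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function

End Module
```

A name containing an apostrophe, such as O'Brien, is returned correctly by FindCustomersByLastName but breaks the statement produced by BuildConcatenatedSql, which is the quoting problem Tom Shelton refers to.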