> Using strings built into queries is prone to sql injection if the query has
> any input from the users and is considered a deadly sin in most cases.
Here is a good example describing why you should never concatenate data into a SQL statement; you should always use parameterized queries instead.

http://bobby-tables.com/
http://bobby-tables.com/about

-Tim

