I am concerned to the SA log-in pair being used in production, however.
Best practices would be to create a limited SQL account for use in
production queries (one that restricted in particular the account's ability
to DROP the table). That way you're double protected against having the
drop table command slipped in to the url string (your first protection is,
of course, properly validated code in your forms).
Rick
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
