If your values are always numbers, always use the Val() function. It
returns the number if it is a number and returns a 0 if anything else.
Otherwise, make sure you put single quotes around the variable. There are
many other things you can do, but those 2 will take care of a lot of the
basic nastiness.
Todd Ashworth
| > I pass a few values through URL variable that I use in where clauses in my
| > SQL. I want to prevent someone from passing malicious SQL through that
| > value. What are my options??
| >
| > Kevin Schmidt
| > Internet Services Director
| > PWB Integrated Marketing and Communications
| > Office: 734.995.5000
| > Mobile: 734.649.4843
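
The two measures from the reply, written out as an added CFML example (not code from either poster), followed by the bound-parameter form with `cfqueryparam`, which goes beyond what the reply names. The datasource `myDSN`, the table `items`, its columns, and the URL variables `url.id` and `url.category` are assumed names.

```cfml
<!--- Added example. Assumed names: datasource "myDSN", table "items",
      URL variables url.id (numeric) and url.category (text). --->
<cfparam name="url.id" default="0">
<cfparam name="url.category" default="">

<!--- Weak form, shown for contrast only and not executed here:
          WHERE id = #url.id#
      The raw URL value becomes part of the SQL statement itself. --->

<!--- Numeric value through Val(): Val() converts the leading numeric
      part of the string and yields 0 when there is none, so only a
      number can reach the WHERE clause. --->
<cfquery name="qById" datasource="myDSN">
    SELECT id, title
    FROM items
    WHERE id = #Val(url.id)#
</cfquery>

<!--- Text value in single quotes: inside cfquery, ColdFusion doubles
      any single quote in an interpolated variable, so the value stays
      inside the string literal. Wrapping the variable in
      PreserveSingleQuotes() would switch that escaping off. --->
<cfquery name="qByCategory" datasource="myDSN">
    SELECT id, title
    FROM items
    WHERE category = '#url.category#'
</cfquery>

<!--- Bound parameters: each value is sent separately from the SQL text
      and type-checked; a non-integer url.id raises an error instead of
      running the query. --->
<cfquery name="qBound" datasource="myDSN">
    SELECT id, title
    FROM items
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND category = <cfqueryparam value="#url.category#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>
```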