On Thu, Jun 3, 2010 at 3:54 AM, Jamie Fraser <[email protected]> wrote: > Don't concatenate SQL like that - you are open to SQL injection > attacks. For example, someone could use a JS debugger to modify the > values in ddlProjectPlatform so the Selected value was '0 OR 1=1' or > similar. ------------
I thought that his data was null value and when he put in addition to another string he error-ed. -- Stephen Russell Sr. Production Systems Programmer CIMSgts 901.246-0159 cell
