2006/8/21, Joost van der Sluis <[EMAIL PROTECTED]>:
On Mon, 2006-08-21 at 12:59 -0400, Alexandre Leclerc wrote:
> Simply use the StringReplace() function to replace your parameter with
> the desired value. Personally, I used the Format function...
>
> Format('select * from %s where %s', ['table','a=b']);

And what if the string %s is: ' table; drop database'?

This was an example of the potential; second, to answer your question,
this will not work: this would result in an invalid query. Drop table
is a command in itself.

--
Alexandre Leclerc
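As an added illustration of the point under discussion (not code from the thread or from Lazarus), the following uses Python's sqlite3 as a stand-in for the Pascal Format()/TSQLQuery code: it builds the statement the Format() way with the exact string Joost quoted and, beside it, the bound-parameter form. The table "customers" and its rows are constructed for the example.

```python
"""Format-style substitution into SQL versus bound parameters.

Added example, not part of the original thread. The table name
"customers" and its two rows are constructed sample data.
"""
import sqlite3

# Identifiers cannot be bound as parameters, so the table name is checked
# against a fixed allowlist instead of being pasted into the statement text.
ALLOWED_TABLES = {"customers"}


def make_db():
    """Create an in-memory database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table customers (id integer primary key, name text)")
    con.executemany("insert into customers (name) values (?)",
                    [("ann",), ("bob",)])
    con.commit()
    return con


def build_by_format(table, where_clause):
    """Mirror Format('select * from %s where %s', [...]).

    Whatever the caller passes becomes part of the SQL text, so the
    database parser sees identifiers and values alike as statement text.
    """
    return "select * from %s where %s" % (table, where_clause)


def run_format_query(con, table, where_clause):
    """Execute the Format-built statement; report rows or the error class."""
    try:
        rows = con.execute(build_by_format(table, where_clause)).fetchall()
        return "rows", rows
    except sqlite3.Error as exc:
        # The thread's " table; drop database" string lands here: the
        # statement text changed, so it no longer parses as intended.
        return "error", type(exc).__name__


def run_bound_query(con, table, name):
    """Allowlist the identifier, bind the value; the value is never parsed."""
    if table not in ALLOWED_TABLES:
        raise ValueError("table not allowed: %r" % table)
    sql = "select * from %s where name = ?" % table
    return con.execute(sql, (name,)).fetchall()
```

With the bound form, the same hostile string is simply a name that matches no row, and a hostile table name is rejected before any SQL is built.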

_________________________________________________________________
    To unsubscribe: mail [EMAIL PROTECTED] with
               "unsubscribe" as the Subject
  archives at http://www.lazarus.freepascal.org/mailarchives