ik wrote:
One small note: you have an SQL injection in your code. I recommend
that you use parameters to add the values, but prior to that, you
should check to see if there are invalid chars and trim them. That
way, you can avoid a lot of problems.
Ido
Perhaps you should explain what is so terrible about a "SQL
injection"? I have heard of this before, but not the reason. I do this
regularly and it seems to work fine!
I am hesitant to recommend parameters in this situation currently. It
depends on whether you form everything at run time, in which case they
are probably OK, or try to set it up in Lazarus at design time. I have
had problems with parameters set up at design time. (I am still trying
to work out exactly what the issue is, or I would have posted something
about it, but basically they seem to lose their type specifications.
Of course, I might simply be doing something wrong!) If Lefti is just
writing his first few queries, what he is doing is probably a good way
to "get the hang of it".
cheers,
John Sunderland
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
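The following is an added example, not code from the thread or from
Lazarus/FPC itself, showing both of the points raised above: what an
SQL injection actually does to a concatenated query, and the run-time
parameter style that John says he is comfortable with. It uses the
SQLdb units that ship with Free Pascal (sqldb, sqlite3conn) against a
constructed in-memory SQLite table of three users; the table contents,
the function names UnsafeLookup/SafeLookup and the payload string are
all assumptions made for the demonstration. With the concatenated query
a constructed input of ' OR '1'='1 matches every row; with the
parameterised query the same input is just a name that matches nothing.

```pascal
program SqlInjectionDemo;
{$mode objfpc}{$H+}

uses
  SysUtils, sqldb, sqlite3conn;

var
  Conn: TSQLite3Connection;
  Trans: TSQLTransaction;
  Q: TSQLQuery;

// Builds the statement by string concatenation. The user-supplied text
// becomes part of the SQL grammar, so a quote in the input can close the
// literal and append its own clause.
function UnsafeLookup(const UserName: string): Integer;
begin
  Q.Close;
  Q.SQL.Text := 'SELECT COUNT(*) FROM users WHERE name = ''' + UserName + '''';
  Q.Open;
  Result := Q.Fields[0].AsInteger;
  Q.Close;
end;

// Uses a parameter set entirely at run time. The value is handed to the
// driver separately from the statement text, so quotes in the input are
// plain characters inside the data and never reach the SQL parser.
function SafeLookup(const UserName: string): Integer;
begin
  Q.Close;
  Q.SQL.Text := 'SELECT COUNT(*) FROM users WHERE name = :name';
  Q.Params.ParamByName('name').AsString := UserName;
  Q.Open;
  Result := Q.Fields[0].AsInteger;
  Q.Close;
end;

const
  // Constructed payload: closes the quoted literal, then adds an
  // always-true condition. As a raw string it is:  ' OR '1'='1
  Payload = ''' OR ''1''=''1';

begin
  Conn := TSQLite3Connection.Create(nil);
  Trans := TSQLTransaction.Create(nil);
  Q := TSQLQuery.Create(nil);
  try
    // Assumed setup: an in-memory database with a constructed users table.
    Conn.DatabaseName := ':memory:';
    Conn.Transaction := Trans;
    Trans.Database := Conn;
    Q.Database := Conn;
    Q.Transaction := Trans;
    Conn.Open;
    Trans.StartTransaction;
    Conn.ExecuteDirect('CREATE TABLE users (name TEXT)');
    Conn.ExecuteDirect('INSERT INTO users VALUES (''alice'')');
    Conn.ExecuteDirect('INSERT INTO users VALUES (''bob'')');
    Conn.ExecuteDirect('INSERT INTO users VALUES (''carol'')');

    WriteLn('Concatenation, name "alice":   ', UnsafeLookup('alice'), ' row(s)');
    WriteLn('Concatenation, payload:        ', UnsafeLookup(Payload), ' row(s)');
    WriteLn('Parameter, name "alice":       ', SafeLookup('alice'), ' row(s)');
    WriteLn('Parameter, payload:            ', SafeLookup(Payload), ' row(s)');

    Trans.Rollback;
  finally
    Q.Free;
    Trans.Free;
    Conn.Free;
  end;
end.
```

Compile with `fpc SqlInjectionDemo.pas`; the SQLite client library
(libsqlite3) must be installed. The concatenated version reports one row
for "alice" but three rows for the payload, because the string that
reaches SQLite is `... WHERE name = '' OR '1'='1'`; a payload ending in
`; DROP TABLE users` would be just as happily executed in a database
that allows multiple statements. The parameterised version reports one
row and zero rows respectively. Note that it is the parameter, not any
character checking, that closes the hole: trimming or rejecting
"invalid chars" is useful as input validation for your own rules, but
it is not what keeps user data out of the SQL grammar.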