Hi Vince

In addition to what MB said, named parameters will prevent SQL
injection. That is, if a user (hacker) entered SQL into a textbox that
filled in cstring, that person could do bad things to your SQL Server.

Mike Yearwood
Microsoft MVP - FoxPro 2008


> Message: 2
> Date: Wed, 10 Jun 2009 12:25:59 -0400
> From: Vince Teachout <[email protected]>
> Subject: How does a view get translated into Transact SQL?
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Is there a way to figure out what a view does behind the scenes?
>
> For example, I have an Image field in a SQL server table, and a view on
> that table in vfp.
>
> If I use views:
> Insert into myview (key, myimage) values('123', cstring)
> it works fine.
>
> The MyImage view field is blob, and the field on the server is image.
>
> But if I try SQLExec with this:
> "Insert into myview (key, myimage) values('123', '" + cstring + "')"
>
> It crashes, complaining about a quote within the cString (entirely possible).
>
> I'd like to find out how the view handles it, so I can mimic it in my
> code. Any suggestions? Thanks.

This message: 
http://leafe.com/archives/byMID/profox/[email protected]