On Wed, Jan 19, 2011 at 8:55 PM, Anthony J. Gundrum <[email protected]> wrote: > Dynamic SQL is actually frowned upon for security reasons. It's fairly easy > for someone to do SQL injection which is very dangerous. > > Dynamic SQL Injection Articles > http://www.google.com/#hl=en&sugexp=ldymls&xhr=t&q=dynamic+SQL+injection&cp= > 16&pf=p&sclient=psy&aq=0&aqi=&aql=&oq=dynamic+SQL+injec&pbx=1&fp=2d73bcec2e6 > e3c54 > > Advisor has an article "Prevent SQL Injection Attacks and Gain Performance > in Microsoft Visual FoxPro" but unless you are a subscriber, it's not > available > http://my.advisor.com/doc/18675 ----------------------------
SQL injection is a tough thing. When there is no textbox axis and it is not via the url you could be safe. It is hard to know how to do it and when to NOT use it. Just saying. -- Stephen Russell Sr. Production Systems Programmer CIMSgts 901.246-0159 cell _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
