Sorry, I pressed send too early. It also executes the select with Exec. So much for query optimizer, data execution plan, built-in statistics. Frankly, if I were his boss I'd fire him ON THE SPOT.
On Mon, Jun 27, 2011 at 2:55 PM, Grigore Dolghin <[email protected]> wrote:
> I watched the video. While I agree that works, it still sucks. "DROP"
> can be LEGIT data. I just don't understand why people avoid a built-in
> fail-proof method readily available and use instead all sorts of
> improvisations. WTF. What if @Filters is longer than 200 chars?
>
> On Mon, Jun 27, 2011 at 2:49 PM, Stephen Russell <[email protected]>
> wrote:
>> On Sun, Jun 26, 2011 at 8:19 PM, Ken Dibble <[email protected]> wrote:
>>>
>>>> > 2. Many search engines strip out punctuation of all kinds, and sometimes
>>>> > even spaces, in user input, before submitting the search term to a query.
>>>> > This is what Google does, in essence (though I'm sure they're much more
>>>> > sophisticated about it than I can be).
>>>>
>>>> Thankfully it doesn't. I regularly have to add quotes to my Google
>>>> searches.
>>>
>>> Well, Google and other search engines use double quotes for "exact" search.
>>> That doesn't mean you're searching for content containing double quotes,
>>> and Google could strip them off after it gets the message to do an exact
>>> comparison before it runs the query.
>>>
>>> I don't even know if Google uses SQL--they may have some altogether more
>>> efficient proprietary query method.
>> ---------------
>>
>> Preventing SQL Injection With String Filtering
>>
>> <http://www.sqlshare.com/player.aspx?vid=539>
>>
>> --
>> Stephen Russell
>>
>> Unified Health Services
>> 60 Germantown Court
>> Suite 220
>> Cordova, TN 38018
>>
>> Telephone: 888.510.2667
>>
>> 901.246-0159 cell
>> [excessive quoting removed by server]

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
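The contrast argued in this thread, as an added T-SQL example (not from the thread, the linked video, or the list): the filter-then-EXEC pattern beside the built-in parameterized forms. The dbo.Products table, its columns and the two procedure names are assumptions for the illustration.

```sql
-- Added example; dbo.Products(ProductID int, ProductName nvarchar(200)) is assumed.

-- Pattern criticised above: strip a keyword such as DROP out of @Filters,
-- splice the rest into a query string, and run it with EXEC.
CREATE PROCEDURE dbo.SearchProducts_Filtered
    @Filters nvarchar(200)
AS
BEGIN
    DECLARE @sql nvarchar(max);
    -- Blacklisting mangles legitimate data: under a case-insensitive
    -- collation a search for 'Drop Cloth' silently becomes ' Cloth'.
    SET @Filters = REPLACE(@Filters, 'DROP', '');
    SET @sql = N'SELECT ProductID, ProductName FROM dbo.Products '
             + N'WHERE ProductName LIKE ''%' + @Filters + N'%''';
    -- Every distinct @Filters value yields distinct query text, so the
    -- optimizer compiles a fresh plan instead of reusing a cached one.
    EXEC (@sql);
END;
GO

-- The built-in method: the search term is a parameter, never part of the
-- SQL text, so no keyword filtering is needed and the single plan is cached.
CREATE PROCEDURE dbo.SearchProducts_Parameterized
    @Filters nvarchar(200)
AS
BEGIN
    SELECT ProductID, ProductName
    FROM dbo.Products
    WHERE ProductName LIKE '%' + @Filters + '%';
END;
GO

-- When the query text itself must vary (optional clauses, a sort column
-- chosen from a fixed list), keep user-supplied values as parameters via
-- sp_executesql rather than EXEC of a concatenated string.
DECLARE @sql nvarchar(max) =
    N'SELECT ProductID, ProductName FROM dbo.Products '
  + N'WHERE ProductName LIKE ''%'' + @term + ''%''';
EXEC sys.sp_executesql
     @sql,
     N'@term nvarchar(200)',
     @term = N'Drop Cloth';   -- DROP is just data here; the Drop Cloth rows come back
```

A value longer than the declared nvarchar(200) is truncated at the parameter boundary in the parameterized forms, whereas in the EXEC form it becomes part of the executed text. LIKE wildcards (% and _) inside the term are a separate matter and need an ESCAPE clause if they must be matched literally.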

