28-03-2012, 23:10   #16
Gavin "shels"
Cheers Procasinator, I'm a little confused as to what the parameters are actually doing and how they are making the SQL more secure?
28-03-2012, 23:25   #17
mewso
It's to do with SQL injection. If your user enters something into an input on your form like "''; delete from table1" and you don't use parameters, but just append what they have entered to your SQL, then all rows in your table will be deleted:-

"select a, b, c from table where name = " & nameInput.Text

will result in a SQL statement like this:-

select a, b, c from table where name = ''; delete from table1

Using parameters avoids this completely.
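An added example, not code from the thread: the same input run through a concatenated query and through a parameterized one, showing that a parameter is bound as a value and never parsed as SQL. Assumptions: Python's sqlite3 is used instead of the thread's VB code so it runs offline, both statements use a constructed table named table1, and executescript() stands in for a database driver that accepts several statements in one command.

```python
import sqlite3

# Constructed input, taken from the post above.
MALICIOUS = "''; delete from table1"


def make_db():
    """In-memory database with a constructed three-row table1."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table table1 (a, b, c, name text)")
    conn.executemany(
        "insert into table1 values (?, ?, ?, ?)",
        [(1, 2, 3, "alice"), (4, 5, 6, "bob"), (7, 8, 9, "carol")],
    )
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("select count(*) from table1").fetchone()[0]


def lookup_concatenated(conn, name_input):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "select a, b, c from table1 where name = " + name_input
    # executescript() runs every statement in the string; it stands in for
    # a driver that accepts several statements in one command (assumption).
    conn.executescript(sql)
    return sql


def lookup_parameterized(conn, name_input):
    """Safe: the SQL text is fixed; the input travels separately as data."""
    sql = "select a, b, c from table1 where name = ?"
    return conn.execute(sql, (name_input,)).fetchall()


def demo():
    conn = make_db()
    before = row_count(conn)
    rows = lookup_parameterized(conn, MALICIOUS)  # compared as a plain string
    after_param = row_count(conn)
    lookup_concatenated(conn, MALICIOUS)          # the delete runs as SQL
    after_concat = row_count(conn)
    return before, rows, after_param, after_concat


if __name__ == "__main__":
    print(demo())
```

With the parameter, the database looks for a row whose name is literally the text ''; delete from table1, finds none, and the table is untouched; with concatenation the same text is executed as a second statement.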