Gavin "shels" Registered User

Cheers Procasinator, I'm a little confused as to what the parameters are actually doing and how are they making the SQL more secure?

mewso Moderator

It's to do with sql injection. If your user enters something into an input on your form like "''; delete from table1" and you don't use parameters just append what they have entered to your sql then all rows in your table will be deleted:-

"select a, b, c from table where name = " & nameInput.Text

will result in a sql statement like this:-

select a, b, c from table where name = ''; delete from table1

Using parameters avoids this completely.

1 person has thanked this post

Want to share your thoughts?

Login here to discuss!