Gavin "shels" Registered User
#16

Cheers Procasinator, I'm a little confused as to what the parameters are actually doing and how they are making the SQL more secure?

mewso Moderator
#17

It's to do with SQL injection. If your user enters something into an input on your form like "''; delete from table1" and you don't use parameters but just append what they have entered to your SQL, then all rows in your table will be deleted:

"select a, b, c from table where name = " & nameInput.Text

will result in a SQL statement like this:

select a, b, c from table where name = ''; delete from table1

Using parameters avoids this completely.

1 person has thanked this post
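
The difference described in the post above, as an added example that is not part of the original thread: the same input is run once through a concatenated query and once through a parameterized one. It uses Python's sqlite3 module; the `people` table, its sample rows and the function names are constructed for illustration, and `executescript()` is an assumption standing in for a database driver that accepts several statements in one command.

```python
import sqlite3

def make_db():
    """Constructed sample data: a lookup table plus the table1 the input targets."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table people (name text, a int, b int, c int);
        insert into people values ('alice', 1, 2, 3), ('O''Brien', 4, 5, 6);
        create table table1 (id int);
        insert into table1 values (1), (2), (3);
    """)
    return db

def rows_in_table1(db):
    return db.execute("select count(*) from table1").fetchone()[0]

def lookup_concatenated(db, name_input):
    # Vulnerable 'before': the input becomes part of the SQL text itself.
    sql = "select a, b, c from people where name = " + name_input
    # Assumption: executescript() stands in for a driver that accepts several
    # statements per command; sqlite3's execute() refuses such batches.
    db.executescript(sql)
    return sql

def lookup_parameterized(db, name_input):
    # The SQL text is fixed; the input is bound as a value for the ? placeholder
    # and is only ever compared against the name column.
    cur = db.execute("select a, b, c from people where name = ?", (name_input,))
    return cur.fetchall()

def demo():
    user_input = "''; delete from table1"  # the input quoted in the post above
    db = make_db()
    sql = lookup_concatenated(db, user_input)
    left_after_concat = rows_in_table1(db)
    db = make_db()
    found = lookup_parameterized(db, user_input)
    left_after_param = rows_in_table1(db)
    apostrophe = lookup_parameterized(db, "O'Brien")
    return sql, left_after_concat, found, left_after_param, apostrophe

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With the parameter, the whole input is treated as a name that matches no row, and a legitimate name containing an apostrophe needs no escaping.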
