April 10th, 2007, 08:17 PM
doug65536

Concatenating a SQL statement as shown is a very bad idea.
What if one of the strings contains a quote?
It screws up. Use parameterized queries!!!
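The failure described in the post above, as an added example that is not part of the original thread: the same value containing a quote is written once through a concatenated statement and once through a parameterized one. Python's `sqlite3` with an in-memory database is an assumption made so the example runs offline, and the `customers` table, its column and the function names are hypothetical.

```python
import sqlite3


def make_db():
    """Create an in-memory database with a hypothetical customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, last_name TEXT)")
    return conn


def insert_concatenated(conn, last_name):
    """Build the statement by string concatenation (the pattern warned about)."""
    sql = "INSERT INTO customers (last_name) VALUES ('" + last_name + "')"
    try:
        conn.execute(sql)
        return True, sql
    except sqlite3.Error as exc:
        # A quote inside the value ends the string literal early, so the
        # remaining characters are parsed as SQL and the statement fails.
        return False, f"{sql} -> {exc}"


def insert_parameterized(conn, last_name):
    """Send the value separately from the SQL text via a ? placeholder."""
    conn.execute("INSERT INTO customers (last_name) VALUES (?)", (last_name,))
    return True


def find_parameterized(conn, last_name):
    """Look the value up again, also with a bound parameter."""
    rows = conn.execute(
        "SELECT last_name FROM customers WHERE last_name = ?", (last_name,)
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    # Constructed sample values: one without a quote, one with.
    for name in ("Smith", "O'Brien"):
        ok, detail = insert_concatenated(conn, name)
        print("concatenated ", repr(name), "ok" if ok else "FAILED", "|", detail)
    insert_parameterized(conn, "O'Brien")
    print("parameterized", repr("O'Brien"), "stored as", find_parameterized(conn, "O'Brien"))
```

With a bound parameter the driver never parses the value as SQL, so the quote is stored verbatim and no escaping is needed in application code.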