#11
Lew wrote:
> Lew wrote:
>>>> String var1 = "Dianne''s horse";
>>>> String cmd = "UPDATE huxtable (descrip) VALUES ( '" + var1 + "' )";
>>>> // DO NOT EVER DO SQL IN THIS MANNER!
>>>> // IT IS A SECURITY HOLE BIG ENOUGH TO COAST A TRUCK THROUGH!
>>>> // USE PreparedStatement!
>
> Arne Vajhøj wrote:
>> Besides, the SQL looks very non-standard. The standard is:
>>
>> INSERT INTO tbl VALUES(val);
>> INSERT INTO tbl(fld) VALUES(val);
>> UPDATE tbl SET fld=val;
>> UPDATE tbl SET fld=val WHERE id=otherval;
>
> Actually, it's wrong, not non-standard.

There is a 99.99% chance that it is wrong. But since the original poster did not say what database he was using, I preferred just calling it "non-standard" - some databases have some weird syntaxes.

Arne
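The two points made in the thread, that concatenating a value into the SQL text is a security hole and that the statement should be written as UPDATE ... SET ... WHERE, can be shown side by side on a throwaway database. The following is an added example, not code from either poster; it uses Python with the standard-library sqlite3 module rather than Java so that it runs offline, and sqlite3's `?` placeholders play the same role as the `?` parameters of a JDBC PreparedStatement. The table name `huxtable` and column `descrip` come from the thread; the `id` column, the two sample rows and the attacker payload are constructed for the demonstration.

```python
"""Concatenated SQL vs parameterized SQL, run against an in-memory SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory table shaped like the thread's 'huxtable'.
    The id column and both rows are constructed sample data, not from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE huxtable (id INTEGER PRIMARY KEY, descrip TEXT)")
    conn.executemany(
        "INSERT INTO huxtable (id, descrip) VALUES (?, ?)",
        [(1, "first row"), (2, "second row")],
    )
    conn.commit()
    return conn


def update_descrip_unsafe(conn: sqlite3.Connection, row_id: int, value: str) -> str:
    """The pattern Lew warns against: the value is pasted into the statement text.
    The statement uses the standard UPDATE ... SET ... WHERE form Arne gives, so the
    only thing wrong with it is the concatenation."""
    cmd = "UPDATE huxtable SET descrip = '" + value + "' WHERE id = " + str(row_id)
    conn.execute(cmd)
    conn.commit()
    return cmd  # returned so the caller can see exactly what the database ran


def update_descrip_safe(conn: sqlite3.Connection, row_id: int, value: str) -> None:
    """Parameterized form. The value travels separately from the SQL text, so it can
    never change the statement's structure; this is what PreparedStatement does."""
    conn.execute("UPDATE huxtable SET descrip = ? WHERE id = ?", (value, row_id))
    conn.commit()


def read_all(conn: sqlite3.Connection) -> dict:
    """Snapshot of the table as {id: descrip}."""
    return dict(conn.execute("SELECT id, descrip FROM huxtable ORDER BY id"))


def demo() -> dict:
    results = {}

    # 1. A legitimate value containing an apostrophe: concatenation yields broken SQL.
    conn = make_db()
    try:
        update_descrip_unsafe(conn, 1, "Dianne's horse")
        results["unsafe_apostrophe"] = "accepted"
    except sqlite3.OperationalError:
        results["unsafe_apostrophe"] = "syntax error"

    # 2. Lew's literal "Dianne''s horse" only works because the quote was doubled by hand;
    #    hand escaping of every value is the fragile thing PreparedStatement replaces.
    update_descrip_unsafe(conn, 1, "Dianne''s horse")
    results["unsafe_hand_escaped"] = read_all(conn)[1]

    # 3. An attacker-chosen value (constructed payload) closes the quote and supplies its
    #    own WHERE clause, so the UPDATE hits row 2 instead of the intended row 1.
    conn = make_db()
    payload = "pwned' WHERE id = 2 --"
    results["unsafe_ran"] = update_descrip_unsafe(conn, 1, payload)
    results["unsafe_rows"] = read_all(conn)

    # 4. The same payload through the parameterized statement is just text in row 1,
    #    and the apostrophe case needs no escaping at all.
    conn = make_db()
    update_descrip_safe(conn, 1, payload)
    results["safe_rows"] = read_all(conn)
    update_descrip_safe(conn, 1, "Dianne's horse")
    results["safe_apostrophe"] = read_all(conn)[1]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Running it prints the statement the unsafe path actually executed for the payload, `UPDATE huxtable SET descrip = 'pwned' WHERE id = 2 --' WHERE id = 1`, where everything after `--` is a comment, which is why the row selection is under the caller's control. The JDBC version of the safe path is `conn.prepareStatement("UPDATE huxtable SET descrip = ? WHERE id = ?")` followed by `setString(1, value)` and `setInt(2, rowId)`.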