Re: How can I escape special characters ( % [ _ ) in an Access SQL statement?



Hi!

It is a recommended practice to use @parameters to provide placeholders in
your SQL statements. Construct the SQL statement with parameters and assign
the values by mapping each value to the corresponding parameter. This has
the benefit of a much cleaner SQL statement and avoids potential code
injections.

Let me know if you need additional help on this.

--
With regards
Anders Borum / SphereWorks
Microsoft Certified Professional (.NET MCP)
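
The approach described in the reply above, as an added example that is not part of the original post: a parameterized LIKE query against an Access database through System.Data.OleDb, which binds parameters by position. Parameters keep the value out of the SQL text but do not stop % _ [ from acting as LIKE wildcards inside the value, so the helper wraps each of them in brackets to match it literally. The database path, the Products table, the ProductName column and the EscapeLikeLiteral helper are assumptions made for illustration.

```csharp
using System;
using System.Data.OleDb;
using System.Text;

static class AccessLikeSearch
{
    // Hypothetical helper: wrap each LIKE metacharacter named in the question
    // (% _ [) in brackets so Jet matches it as a literal character.
    public static string EscapeLikeLiteral(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            if (c == '%' || c == '_' || c == '[')
                sb.Append('[').Append(c).Append(']');
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Assumed placeholder path; table and column names are also assumptions.
        const string connStr =
            @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\sample.mdb";
        string userInput = "50%_off[new]";   // constructed sample input

        using (var conn = new OleDbConnection(connStr))
        using (var cmd = new OleDbCommand(
            "SELECT ProductName FROM Products WHERE ProductName LIKE ?", conn))
        {
            // OleDb binds by position; the parameter name is only a label.
            // The outer % signs are the intended wildcards; the user's text
            // in between is escaped and never concatenated into the SQL.
            cmd.Parameters.Add("@pattern", OleDbType.VarWChar, 255).Value =
                "%" + EscapeLikeLiteral(userInput) + "%";

            conn.Open();
            using (OleDbDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    Console.WriteLine(reader.GetString(0));
            }
        }
    }
}
```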

