Re: SQL Message

Microsoft has a Knowledgebase article about this:

"Opening This Will Run the Following SQL Command" Message When You Open a
Word Document
at
http://support.microsoft.com?kbid=825765

However, its explanation is geared to people who know what SQL is and why
you might be getting messages about it at this point. I do not work for
Microsoft and can only surmise why their software displays this message,
but...

The overview is that when Word gets data from a data source, it may invoke
another program (for example, Access) to do it. It uses the programming
language SQL to tell the other program what data it wants. But Word has no
control over what that program does - it could in theory do anything within
the security constraints imposed by Windows. In other words, you might think
you have requested a list of customers with addresses in "Chicago", but a
rogue data source might e-mail all those customers, or do something else
that has nothing to do with those customers.

By prompting before it connects to the data source, Word is in effect saying
"what this other program I'm about to invoke does is not my responsibility -
are you sure it's going to do what you think?"

Precisely what value that has, and what you do about it, is another
question. How on earth can an end user know what is going to happen if they
click the "Yes" button? (In fact, it's not completely clear from the message
what happens if they click the "No" button either :-) ). Chances are, they
just try to get to the next step, or ask their supervisor, who probably
can't be sure either. In the end, someone in the "chain of command" ends up
making a judgment call as to whether executing that SQL query is "safe" or
not. In a well-administered system, it probably is. In a well-administered
system, it may make sense to suppress the prompt by applying the registry
changes described in the article I mentioned.

Just by way of example, as far as I know, I have never invoked any
unexpected rogue code as a result of answering "Yes" to that question, and
tend to apply the KB article so I don't see the question any more. When I
suddenly start getting demands for $1000 from everyone in the world whose
name begins with "B" perhaps I will regret it...

Peter Jamieson
"Brenda Rueter" <bkrueteNOSPAM@xxxxxxxxxxxx> wrote in message
news:ujRHgNFoGHA.4352@xxxxxxxxxxxxxxxxxxxxxxx
I have noticed that since being converted to Word XP, performing a mail
merge usually (maybe always?) produces the following dialog box:

"Opening this document will run the following SQL command:
SELECT * FROM '{gives data file name}'
Data from your database will be placed in the document. Do you want to
continue?
Yes No"

Can someone explain to me what all this means? If I click YES, the merge
proceeds. However, I don't know how to explain this behavior to others.
Thanks!



