Re: colon questions

From "=?UTF-8?B?QXJuZSBWYWpow7h" <=?utf-8?b?qxjuzsbwywpow7h@THRWHITE.remove-dii-this>
Subject Re: colon questions
Message-ID <486d34e3$0$90262$14726298@news.sunsite.dk> (permalink)
Newsgroups comp.lang.java.databases
References <oJudncKbAtO1S_fVnZ2dnUVZ_jGdnZ2d@comcast.com>
Date 2011-04-27 15:22 +0000
Organization TDS.net


  To: comp.lang.java.databases
Lew wrote:
> Lew wrote:
>>>>   String var1 = "Dianne''s horse";
>>>>   String cmd = "UPDATE huxtable (descrip) VALUES ( '" + var1 + "' )";
>>>> // DO NOT EVER DO SQL IN THIS MANNER!
>>>> // IT IS A SECURITY HOLE BIG ENOUGH TO COAST A TRUCK THROUGH!
>>>> // USE PreparedStatement!
> 
> Arne Vajhøj wrote:
>> Besides the SQL looks very non standard. The standard is:
>>
>> INSERT INTO tbl VALUES(val);
>> INSERT INTO tbl(fld) VALUES(val);
>> UPDATE tbl SET fld=val;
>> UPDATE tbl SET fld=val WHERE id=otherval;
> 
> Actually, it's wrong, not non-standard.

There is a 99.99% chance that it is wrong. But since the
original poster did not say what database he was using, then
I preferred just calling it "non standard" - some databases
have some weird syntaxes.

Arne

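The `PreparedStatement` approach urged in the quoted code comments, combined with the standard `UPDATE tbl SET fld=val WHERE id=otherval` form from the thread, as an added example that is not part of the original posts. The `id` column, the `CREATE TABLE` definition, the class and method names, and the JDBC URL passed as the first argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class HuxtableUpdate {
    // Standard UPDATE form with placeholders: values travel as parameters,
    // so they can never change the structure of the statement.
    static final String UPDATE_SQL = "UPDATE huxtable SET descrip = ? WHERE id = ?";

    static int updateDescrip(Connection con, int id, String descrip) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(UPDATE_SQL)) {
            ps.setString(1, descrip); // raw value, no quote doubling needed
            ps.setInt(2, id);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 1) {
            throw new IllegalArgumentException("usage: HuxtableUpdate <jdbc-url>");
        }
        // Assumption: args[0] is a JDBC URL for a scratch database whose driver is on the classpath.
        String var1 = "Dianne's horse"; // constructed sample value with a single raw apostrophe

        // The concatenated form is built only to display it; it is never executed.
        // The apostrophe in the data ends the string literal early.
        String concatenated = "UPDATE huxtable SET descrip = '" + var1 + "' WHERE id = 1";
        System.out.println("Concatenated SQL (not executed): " + concatenated);

        try (Connection con = DriverManager.getConnection(args[0])) {
            try (Statement st = con.createStatement()) {
                // Assumed schema for the demonstration; no user input reaches these statements.
                st.executeUpdate("CREATE TABLE huxtable (id INTEGER PRIMARY KEY, descrip VARCHAR(100))");
                st.executeUpdate("INSERT INTO huxtable (id, descrip) VALUES (1, 'placeholder')");
            }
            System.out.println("Rows updated: " + updateDescrip(con, 1, var1));
            try (PreparedStatement ps = con.prepareStatement("SELECT descrip FROM huxtable WHERE id = ?")) {
                ps.setInt(1, 1);
                try (ResultSet rs = ps.executeQuery()) {
                    if (rs.next()) System.out.println("Stored value: " + rs.getString(1));
                }
            }
        }
    }
}
```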
