From: Gulp®
Newsgroups: it.comp.java
Subject: Re: hsql
Date: Sun, 18 Oct 2015 14:12:55 +0200

On 17/10/15 17:14, 4ndre4 wrote:
> On Saturday, 17 October 2015 11:30:05 UTC+1, Gulp® wrote:
>
> [...]
>> from \"clienti\" Where " + nomecampo + "='" + Uty.Aposdouble(dacercare)
>
> SQL queries are *NOT* written by concatenating field values. It is the best way to fall victim to SQL Injection. Learn to use parameters.
>
Give nomecampo a value! Don't you see that it's a variable?

--
Gulp®
(maybe I missed something :))
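What the quoted advice looks like for the query in this thread, as an added example that is not code from the original posts: the searched value is bound as a parameter, and because a column name cannot be bound, `nomecampo` is checked against an allow-list. The column names `nome` and `citta`, the class name `ClientiSearch` and the in-memory HSQLDB URL are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

public class ClientiSearch {
    // Assumed column names; the thread does not show the table definition.
    private static final Set<String> SEARCHABLE = Set.of("nome", "citta");

    // Identifiers cannot be bound as parameters, so nomecampo must match a
    // fixed allow-list; only the searched value is left as a '?' placeholder.
    static String buildQuery(String nomecampo) {
        if (!SEARCHABLE.contains(nomecampo)) {
            throw new IllegalArgumentException("column not allowed: " + nomecampo);
        }
        return "SELECT * FROM \"clienti\" WHERE \"" + nomecampo + "\" = ?";
    }

    static int countMatches(Connection con, String nomecampo, String dacercare)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(buildQuery(nomecampo))) {
            ps.setString(1, dacercare); // sent as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                int n = 0;
                while (rs.next()) n++;
                return n;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // In-memory HSQLDB with constructed sample rows (hsqldb.jar on classpath).
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:demo", "SA", "");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE \"clienti\" (\"nome\" VARCHAR(50), \"citta\" VARCHAR(50))");
            st.execute("INSERT INTO \"clienti\" VALUES ('D''Amico', 'Roma'), ('Rossi', 'Milano')");
            System.out.println(countMatches(con, "nome", "D'Amico"));      // apostrophe needs no escaping
            System.out.println(countMatches(con, "nome", "x' OR '1'='1")); // compared as a literal string
            try {
                countMatches(con, "nome' --", "x"); // not on the allow-list
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

With binding in place, a helper that doubles apostrophes by hand, as `Uty.Aposdouble` appears to do in the quoted line, is no longer needed for the value.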