>Actually, it is easy, just don't declare the variables as local in the
>place where they are created. The calls for the method that does the save
>(even if it's in a different class) will see those variables.

Only works in a monolithic app. Won't work in a setting where the values are populated in a different app or .exe or .dll from the one in which the SQL is executed.

Anyway, private variables are problematic for a variety of reasons even within the same application.

There is no magical "extra security" conferred by using ?somevariable as opposed to just mySQLCommand = CommandText + somevariable. ?somevariable is just a reference to the content of somevariable. If the type of somevariable is a string, and you don't validate somevariable before it becomes part of a SQL statement, you'll be in trouble either way.

Ken Dibble
www.stic-cil.org

