"Clay Dowling" <[EMAIL PROTECTED]> wrote:
> John Elrick wrote:
>
> >> A much better solution than QuotedStr is to use queries with parameters.
> >> If you're going to be running the query multiple times it also gives you a
> >> speed boost.
> >>
> >
> > True, however, that assumes you will be running the query multiple times
> > in a row, which I haven't experienced in our particular project.
>
> Even if you aren't running the query multiple times, the parametric query
> is a good idea. It avoids any possibility of SQL injection, due either to
> malicious users or programming mistakes.
>
It is also faster, even if you are only doing the query once.

--
D. Richard Hipp <[EMAIL PROTECTED]>
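The point Clay Dowling makes above, that binding parameters removes both the malicious-input case and the "forgot to escape at this call site" mistake, is easiest to see side by side. The following is an added example and is not code from the thread or from SQLite itself; it uses Python's standard `sqlite3` module, a constructed two-row table, and a small `quoted_str` helper that is only assumed to behave like Delphi's QuotedStr (wrap in single quotes, double any embedded quote). The attacker string `x' OR '1'='1` is likewise constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original thread).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the constructed USERS rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # executemany binds each tuple to the same prepared statement, which is the
    # "speed boost" the thread mentions: the SQL text is compiled once.
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def quoted_str(value):
    """Assumed stand-in for Delphi's QuotedStr: quote and double embedded quotes."""
    return "'" + value.replace("'", "''") + "'"


def lookup_concat(con, name):
    """Vulnerable: the caller forgot to escape and spliced input into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_quotedstr(con, name):
    """Escaping helper applied correctly; safe only as long as nobody forgets it."""
    sql = "SELECT name FROM users WHERE name = " + quoted_str(name)
    return [row[0] for row in con.execute(sql)]


def lookup_param(con, name):
    """Parameterized: the value is bound to '?' and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    evil = "x' OR '1'='1"
    # Concatenation turns the WHERE clause into  name = 'x' OR '1'='1'  and
    # returns every row; escaping and binding both treat it as a literal name.
    print("concat   :", lookup_concat(db, evil))
    print("quotedstr:", lookup_quotedstr(db, evil))
    print("param    :", lookup_param(db, evil))
    print("param ok :", lookup_param(db, "alice"))
```

Note that `quoted_str` gives the right answer here, which is exactly why the thread prefers parameters: the escaping version is one missed call away from `lookup_concat`, whereas a bound `?` cannot be forgotten without the statement failing to run, and the same compiled statement can be re-executed with new bindings.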