This is Anthony Guzzo's TypePad Profile.
Anthony Guzzo
Recent Activity
In my experience... ADO 2.6:
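' The ? is a positional placeholder; the value is bound separately and never concatenated into the SQL text
strSQL = " SELECT * From Users Where UserName = ? "
Set cmd = New ADODB.Command
' "_connectionString" is a placeholder here; supply the actual connection string
cmd.ActiveConnection = "_connectionString"
cmd.CommandText = strSQL
cmd.CommandType = adCmdText
' Bind UserName as an input varchar parameter with a maximum length of 20
cmd.Parameters.Append cmd.CreateParameter("@UserName", adVarChar, adParamInput, 20, UserName)
Set rsLocal = cmd.Execute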
Any other examples?
Give me parameterized SQL, or give me death
I have fairly strong feelings when it comes to the stored procedures versus dynamic SQL argument, but one thing is clear: you should never, ever use concatenated SQL strings in your applications. Give me parameterized SQL, or give me death. There are two good reasons you should never do this. ...
Anthony Guzzo is now following The Typepad Team
Nov 8, 2010
