Hi I wonder whether in MS Access we can actually give a comment, I look in a lot of web sites, all people said that it was not possible in Access SQL to give comment Is this true, if yes then if I use MS access as my database and if I don't use stored procedure.
It will still be fine as user can not use SQL injection to my database ?? I wonder why no one notice about this problem in Access Hope someone can Help me as I really want to know whether it is possible ??? Thank's
Shoot for the moon and if you miss, you'll still be in the stars
> Hi I wonder whether in MS Access we can actually give a comment what do you mean by 'a comment' in this case? > Is this true, if yes then if I use MS access as my database and if I don't use stored procedure. It will still be fine as user can not use SQL
injection to my database ?? what does SQL injection have to do with comments? SQL Injection attacks can be prevented quite easily in Access in just the same way as with SQL Server. In fact, Access is less injectable because it doesn't support multiple SQL
statements in a single procedure and has limited subquery support Now if you'll rephrase your question and explain what you're getting at, maybe we can help you sort this out. j
RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unreadable
Using comments (--) is not the only mechanism that can be used to inject sql. I have got examples. You should properly safeguard your code against such attacks. Simplest of methods for to prevent sql injection is to use the Replace() function often, as in replace(Request.QueryString("string_value"),
"'", "''").
triandy_guna...
Participant
830 Points
166 Posts
Access SQL comment
Sep 05, 2003 05:48 AM|LINK
Atrax
All-Star
18705 Points
3733 Posts
Re: Access SQL comment
Sep 05, 2003 07:18 AM|LINK
Jason Brown - MVP, IIS
triandy_guna...
Participant
830 Points
166 Posts
Re: Access SQL comment
Sep 08, 2003 06:15 PM|LINK
salman_arsha...
Member
186 Points
38 Posts
Re: Access SQL comment
Sep 16, 2003 07:24 AM|LINK