Reply to Re: query with a table name that has a space...

Your name:

Reply:


Posted by Erland Sommarskog on 06/08/05 01:11

vbnetrookie (bigjmt@hotmail.com) writes:
> Well thanks alot Martijn,
>
> Thoses extra quotes really made a difference. Now it all works!!
> here's the new string:
> Dim sqlStr As String = "SELECT DISTINCT Last_Name FROM [" & PubName &
> "] WHERE PostalCode ='" & postalcode & "' And Title='" & title & "'
> ORDER BY Last_Name "
>

And now for title enter the following string:

' DROP TABLE [AIM International] --

As a safety precaution, make sure that you have a backup of your database
available.



--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация