[AccessD] Worth Upgrading for?

David McAfee davidmcafee at gmail.com
Tue Jul 28 12:05:36 CDT 2009


Because it opens itself up to SQL injection.

Also dynamic SQL isn't optimized.

On Tue, Jul 28, 2009 at 7:16 AM, Drew Wutka <DWUTKA at marlow.com> wrote:

> Why are 'dynamically constructed' SQL statements such a sore subject?
>
> This is a little bit of a shocker to me.
>
> Drew
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Arthur Fuller
> Sent: Monday, July 27, 2009 1:12 PM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] Worth Upgrading for?
>
> I waited for the second coming of several women in my life, but I digress.
>
> This whole line of argument is IMO dangerous, treacherous, distributive of
> the responsibility and location of the code, and perhaps a few other
> adjectives. I know that lots of you don't agree with me, but I will cite
> this whole thread as evidence in favor of my stance on this.
>
> Database code should reside in exactly one place -- the database. Stored
> procedures, triggers, event schedules, views, roles, security and so on
> should exist only in the database. Dynamically constructed SQL statements
> should be cause for the death penalty unless their coders can prove there is
> no other way to achieve the desired result.
>
> Ok. I'm all tuckered out. Just let me recap in one sentence: Everything the
> database *can* do, the database *should* do.
>
> Arthur
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com


