[AccessD] Worth Upgrading for?

Drew Wutka DWUTKA at Marlow.com
Tue Jul 28 15:24:24 CDT 2009 

I see.  Did you realize that Access doesn't allow for a SQL comment
character?  That eliminates a SQL Injection threat, unless the code is
VERY VERY poorly written.  

I realize the optimization issue, but in my experience, my SQL rarely
needs a speed boost.  

I guess I'm curious, because I tend to build class structured business
logic, and it just makes more sense to have the SQL in the classes to
make them more flexible....

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of David McAfee
Sent: Tuesday, July 28, 2009 12:06 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Worth Upgrading for?

Because it opens its self up to SQL injection.

Also dynamic SQL isn't optimized.

On Tue, Jul 28, 2009 at 7:16 AM, Drew Wutka <DWUTKA at marlow.com> wrote:

> Why is 'dynamically constructed' SQL statements such a sore subject?
>
> This is a little bit of a shocker to me.
>
> Drew
>
The information contained in this transmission is intended only for the person or entity 
to which it is addressed and may contain II-VI Proprietary and/or II-VI Business 
Sensitive material. If you are not the intended recipient, please contact the sender 
immediately and destroy the material in its entirety, whether electronic or hard copy. 
You are notified that any review, retransmission, copying, disclosure, dissemination, 
or other use of, or taking of any action in reliance upon this information by persons 
or entities other than the intended recipient is prohibited.

More information about the AccessD mailing list