[AccessD] Data interface The best way

Stuart McLachlan stuart at lexacorp.com.pg
Thu Oct 13 16:42:17 CDT 2005


On 13 Oct 2005 at 11:30, David McAfee wrote:

> Charlotte, does that mean you are using dynamic SQL in the BE? I tend to see
> a lot more of that now that I am starting to use .Net more and more.
> Couldn't the xml file hold a list of sproc names and you could just execute
> a sproc instead? I was always instructed not to create SQL Strings in the
> front end as passing them to the back end was a security risk. This is of
> course, unless you are dealing with the possibility of SQL injection on the
> back end and not allowing certain characters and/or reserved words.
> 

The other article that caught my eye when looking at Arthur's "FUD":
http://www.simple-talk.com/2005/04/11/to-sp-or-not-to-sp-in-sql-server/
-- 
Stuart




