Stuart McLachlan
stuart at lexacorp.com.pg
Thu Oct 13 16:42:17 CDT 2005
On 13 Oct 2005 at 11:30, David McAfee wrote:

> Charlotte, does that mean you are using dynamic SQL in the BE? I tend to see
> a lot more of that now that I am starting to use .Net more and more.
> Couldn't the xml file hold a list of sproc names and you could just execute
> a sproc instead? I was always instructed not to create SQL Strings in the
> front end as passing them to the back end was a security risk. This is of
> course, unless you are dealing with the possibility of SQL injection on the
> back end and not allowing certain characters and/or reserved words.

The other article that caught my eye when looking at Arthur's "FUD":
http://www.simple-talk.com/2005/04/11/to-sp-or-not-to-sp-in-sql-server/

--
Stuart