Re: [SQLQueriesNoCode] @ usage

  • Jeffrey Schoolcraft
    Dec 6, 2004
      Rob,

      I would make it a habit of always using parameterized queries when
      hitting any database, especially when your input could be compromised
      (it's exposed to a user in one form or another). This will help
      prevent SQL Injection attacks.

      In its simplest explanation, @fields are just variables in T-SQL.


      use Northwind;
      SELECT
      CompanyName, ContactName, ContactTitle
      FROM
      customers
      WHERE
      postalcode = @postalcode

      then you'd add @postalcode as a parameter and execute the command.

      In pure T-SQL you'd need to do something like this:

      -- declare the variable, then assign it (the @ is part of the name)
      declare @postalcode varchar(10)

      set @postalcode = '67000'

      SELECT
      CompanyName, ContactName, ContactTitle
      FROM
      customers
      WHERE
      postalcode = @postalcode

      In stored procedures you can use them as input parameters.

      Your absolute best resource for all of this is MS SQL Books Online.
      http://tinyurl.com/2b0o

      On Sat, 4 Dec 2004 12:33:16 -0600, Rob <rc@...> wrote:
      >
      > I'm pretty new at learning SQL queries, but a quick answer or two here would
      > be enough to get me started.
      >
      > What is the best scenario to take advantage of open variables on a query
      > using the @ sign? Or are the numerous reasons this can be used?
      >
      > Rob


      --
      Jeff Schoolcraft
      http://thequeue.net/blog/

      Thycotic Software Ltd
      www.thycotic.com
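As an added example that is not part of Jeff's reply, here is the same Northwind lookup written three ways in T-SQL: a plain @variable as in the post, dynamic SQL whose value is bound through sp_executesql, and a stored procedure with an input parameter, followed by the string-concatenation form that parameters are meant to replace. The procedure name dbo.CustomersByPostalCode and the names @pc and @input are assumptions of this example; the Customers table and its columns are the standard Northwind ones.

```sql
-- Added example (not from the original post). Run batch by batch in
-- Query Analyzer, SSMS or sqlcmd against a Northwind database.
USE Northwind;
GO

-- 1. A plain T-SQL variable. The @ is part of the name on both the
--    DECLARE and the SET; 'SET postalcode = ...' is a syntax error.
DECLARE @postalcode varchar(10);
SET @postalcode = '67000';

SELECT CompanyName, ContactName, ContactTitle
FROM   Customers
WHERE  PostalCode = @postalcode;
GO

-- 2. Dynamic SQL done safely. sp_executesql takes a parameter
--    definition list, so @pc is bound to the statement and its value
--    never becomes part of the SQL text.
DECLARE @sql nvarchar(200);
SET @sql = N'SELECT CompanyName, ContactName, ContactTitle
             FROM Customers WHERE PostalCode = @pc;';
EXEC sp_executesql @sql, N'@pc varchar(10)', @pc = '67000';
GO

-- 3. The same query as a stored procedure with an input parameter.
--    A client (ADO.NET, ODBC, ...) passes the value as a parameter of
--    the call rather than building SQL text.
CREATE PROCEDURE dbo.CustomersByPostalCode
    @postalcode varchar(10)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CompanyName, ContactName, ContactTitle
    FROM   Customers
    WHERE  PostalCode = @postalcode;
END;
GO

EXEC dbo.CustomersByPostalCode @postalcode = '67000';
GO

-- 4. For contrast, the pattern parameters replace: splicing the value
--    into the statement text. Here @input stands for a value that came
--    from a user. Because it is concatenated into the SQL, any quote
--    character in it changes the structure of the statement instead of
--    being compared as data; that is the SQL injection risk the post
--    warns about, and forms 1 to 3 do not have it.
DECLARE @input  varchar(10);
DECLARE @unsafe nvarchar(200);
SET @input  = '67000';
SET @unsafe = N'SELECT CompanyName FROM Customers WHERE PostalCode = '''
            + @input + ''';';
EXEC (@unsafe);
GO
```

Forms 1 to 3 all produce a single query plan with the postal code as a bound value, which is also why they cache better than the concatenated version, where every distinct input is a different statement to the server.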