
Re: [SQLQueriesNoCode] @<field> usage

  • rc@kc.rr.com
    Dec 6, 2004
      Cool! Thanks so much. It's starting to make much more sense.



      ----- Original Message -----
      From: Jeffrey Schoolcraft <jeffrey.schoolcraft@...>
      Date: Monday, December 6, 2004 7:44 am
      Subject: Re: [SQLQueriesNoCode] @<field> usage

      >
      >
      > Rob,
      >
      > I would make it a habit of always using parameterized queries when
      > hitting any database, especially when your input could be compromised
      > (it's exposed to a user in one form or another). This will help
      > prevent SQL Injection attacks.
      >
      > In its simplest explanation, @fields are just variables in T-SQL.
      >
      >
      > use Northwind;
      > SELECT
      > CompanyName, ContactName, ContactTitle
      > FROM
      > customers
      > WHERE
      > postalcode = @postalcode
      >
      > then you'd add @postalcode as a parameter and execute the command..
      >
      > In pure T-SQL you'd need to do something like this:
      >
      > declare @postalcode varchar(10)
      >
      > set @postalcode = '67000'
      >
      > SELECT
      > CompanyName, ContactName, ContactTitle
      > FROM
      > customers
      > WHERE
      > postalcode = @postalcode
      >
      > In stored procedures you can use them as input parameters
      >
      > Your absolute best resource for all of this is MS SQL Books Online.
      > http://tinyurl.com/2b0o
      >
      > On Sat, 4 Dec 2004 12:33:16 -0600, Rob <rc@...> wrote:
      > >
      > >
      > >
      > > I'm pretty new at learning SQL queries, but a quick answer or
      > > two here would be enough to get me started.
      > >
      > > What is the best scenario to take advantage of open variables on
      > > a query using the @ sign? Or are there numerous reasons this can
      > > be used?
      > >
      > > Rob
      > >
      >
      >
      > --
      > Jeff Schoolcraft
      > http://thequeue.net/blog/
      >
      > Thycotic Software Ltd
      > www.thycotic.com
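The parameterized-query advice in Jeff's reply, carried into stored procedures so the difference between a bound @parameter and a concatenated one is visible, as an added example that is not part of the original thread. It assumes the Northwind sample database with a dbo.Customers table whose columns are CompanyName, ContactName, ContactTitle and PostalCode; the three procedure names are hypothetical, and the injection input at the end is constructed for the demonstration. The inline DECLARE initializers require SQL Server 2008 or later.

```sql
-- Added example, not code from the original post.
-- Assumes the Northwind sample database (dbo.Customers with PostalCode);
-- procedure names are hypothetical.
USE Northwind;
GO

-- Input parameter bound to the query: the value is compared against
-- PostalCode as data, never parsed as SQL text. The safe form.
CREATE PROCEDURE dbo.CustomersByPostalCode_Safe
    @PostalCode nvarchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CompanyName, ContactName, ContactTitle
    FROM dbo.Customers
    WHERE PostalCode = @PostalCode;
END
GO

-- Deliberately vulnerable form for comparison: the parameter is pasted
-- into a dynamic SQL string, so the @variable no longer protects anything
-- and a quote in the input changes the statement's structure.
CREATE PROCEDURE dbo.CustomersByPostalCode_Unsafe
    @PostalCode nvarchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
          N'SELECT CompanyName, ContactName, ContactTitle '
        + N'FROM dbo.Customers WHERE PostalCode = ''' + @PostalCode + N'''';
    EXEC (@sql);
END
GO

-- When dynamic SQL is genuinely needed (e.g. a table name chosen at run
-- time), keep the user-supplied value a parameter via sp_executesql
-- instead of concatenating it into the string.
CREATE PROCEDURE dbo.CustomersByPostalCode_Dynamic
    @PostalCode nvarchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
          N'SELECT CompanyName, ContactName, ContactTitle '
        + N'FROM dbo.Customers WHERE PostalCode = @pc';
    EXEC sp_executesql @sql, N'@pc nvarchar(20)', @pc = @PostalCode;
END
GO

-- Constructed inputs: a normal postal code and a classic injection
-- attempt (a quote, a tautology, and a line comment).
DECLARE @normal   nvarchar(20) = N'67000';
DECLARE @attack   nvarchar(20) = N''' OR 1=1 --';

EXEC dbo.CustomersByPostalCode_Safe    @PostalCode = @normal;
EXEC dbo.CustomersByPostalCode_Safe    @PostalCode = @attack;
EXEC dbo.CustomersByPostalCode_Dynamic @PostalCode = @attack;
EXEC dbo.CustomersByPostalCode_Unsafe  @PostalCode = @attack;
```

With the attack string, the Safe and Dynamic procedures look for a customer whose PostalCode is literally `' OR 1=1 --` and return nothing, while the Unsafe procedure executes `WHERE PostalCode = '' OR 1=1 --'` and returns every row in the table. The same distinction applies on the client side: adding @postalcode as a SqlParameter to the command binds it the way the Safe procedure does, whereas building the command text with string concatenation behaves like the Unsafe one.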