Subject Re: [firebird-support] Noobie Null Date and Time woes
Author Martijn Tonies

> > Use a prepared statement. Dynamically constructing SQL is a serious
> > security loophole and a performance dog.
> >
> > I am not certain of the syntax for your language, but here it is in
> > Java. It is similar in Delphi.
> Thanks for the FUD. A "Prepared Statement" will be an equal "security
> while I imagine that a Search-and-Replace on a string would take much
> than simple string concatenation. As a matter of fact, I invite you to try
> make a general use ReplaceString function that doesn't use string
> Enough with the Delphi-isms. While a lot of Delphi developers flock around
> there are some fortunate souls who have never worked with Pascal.

I fail to see how a ReplaceString would be bad on prepared statements?

Prepared statements really avoid SQL injection.

What's the point you're trying to make?

Martijn Tonies
Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL
Upscene Productions
Database development questions? Check the forum!
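An added example, not code from anyone in the thread, showing the point under discussion: dynamic SQL built by concatenation beside the prepared form, including the NULL date case from the subject line. It uses Python's bundled sqlite3 as a stand-in for a Firebird connection (an assumption; the table and rows are constructed for the demo).

```python
import sqlite3

# Constructed sample data standing in for a Firebird table with a nullable
# TIMESTAMP column; the second row has a NULL date, as in the thread's subject.
ROWS = [
    ("alice", "2024-01-05 09:00:00"),
    ("o'brien", None),
    ("carol", "2024-02-10 12:30:00"),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE events (name TEXT, happened_at TEXT)")
    con.executemany("INSERT INTO events VALUES (?, ?)", ROWS)
    return con


def count_by_name_concat(con, name):
    """Dynamic SQL by concatenation: the value becomes part of the SQL text."""
    sql = "SELECT COUNT(*) FROM events WHERE name = '" + name + "'"
    return con.execute(sql).fetchone()[0]


def count_by_name_param(con, name):
    """Prepared form: the driver binds the value; it is never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM events WHERE name = ?"
    return con.execute(sql, (name,)).fetchone()[0]


def concat_breaks_on_quote(con, name):
    """True if the concatenated query fails to parse for this input (an apostrophe suffices)."""
    try:
        count_by_name_concat(con, name)
        return False
    except sqlite3.OperationalError:
        return True


def insert_concat(con, name, when):
    """Concatenation with a None date stores the text 'None', not SQL NULL."""
    sql = "INSERT INTO events VALUES ('" + name + "', '" + str(when) + "')"
    con.execute(sql)
    return con.execute("SELECT happened_at FROM events WHERE name = ?", (name,)).fetchone()[0]


def insert_param(con, name, when):
    """Binding None as a parameter sends a real SQL NULL, which reads back as None."""
    con.execute("INSERT INTO events VALUES (?, ?)", (name, when))
    return con.execute("SELECT happened_at FROM events WHERE name = ?", (name,)).fetchone()[0]
```

The same name value is counted correctly by the bound query, while the concatenated one either fails to parse or matches rows it should not; the NULL date round-trips only through the parameter.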