Subject Re: [firebird-support] Noobie Null Date and Time woes
Author Alexandre Benson Smith
Jason Dodson wrote:

>Thanks for the FUD. A "Prepared Statement" will be an equal "security risk",
>while I imagine that a Search-and-Replace on a string would take much longer
>than simple string concatenation. As a matter of fact, I invite you to try and
>make a general use ReplaceString function that doesn't use string concatenation.
>
>Enough with the Delphi-isms. While a lot of Delphi developers flock around here,
>there are some fortunate souls who have never worked with Pascal.
>
>
Jason,

I am not the moderator, and I ask for excuses from anyone, mainly from you,
if this is not the case, but why use such rude statements? I have read
your last messages and saw this kind of answer, but don't understand why.

Take it easy, we are here to help and to get help from the others, I see no
reason for such behaviour.

SQL injection is one of the errors I see in the wild.

Prepared Statements avoid this kind of breach.

Of course one could write string concatenation and take care about
messy quotes and avoid SQL injection.

But prepared statements are far away from doing just this, but I think
you already know it.

see you !

--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
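Added example (not part of the thread, and not Firebird-specific code): the three approaches discussed above, string concatenation, concatenation with hand-escaped quotes, and a prepared statement, run against the same constructed table. It assumes Python's bundled sqlite3 as a stand-in for Firebird; the parameter marker and the quoting rule are the same idea in any SQL client library.

```python
import sqlite3

# Constructed sample rows; sqlite3 stands in for Firebird here (assumption).
ROWS = [("alice", "s3cret"), ("bob", "hunter2")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def login_concat(conn, name, password):
    """Vulnerable: user input is pasted straight into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(r[0] for r in conn.execute(sql))

def login_escaped(conn, name, password):
    """Concatenation with care taken over quotes: double each single quote.
    Works for string literals only; every other data type (dates, numbers)
    needs its own quoting rule, which is the maintenance burden of this route."""
    def q(s):
        return s.replace("'", "''")
    sql = ("SELECT name FROM users WHERE name = '" + q(name) +
           "' AND password = '" + q(password) + "'")
    return sorted(r[0] for r in conn.execute(sql))

def login_prepared(conn, name, password):
    """Prepared statement: the SQL text is fixed, the values travel separately
    and are never parsed as SQL, whatever characters they contain."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(r[0] for r in conn.execute(sql, (name, password)))

# Constructed malicious input: closes the literal and appends an always-true clause.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(login_concat(conn, "alice", INJECTION))    # ['alice', 'bob']  (every user)
    print(login_escaped(conn, "alice", INJECTION))   # []
    print(login_prepared(conn, "alice", INJECTION))  # []
    print(login_prepared(conn, "bob", "hunter2"))    # ['bob']
```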