| Subject | Re: Conversion error from string run time error 2147467259 |
|---|---|
| Author | Adam |
| Post date | 2006-07-20T05:09Z |
--- In firebird-support@yahoogroups.com, Adriano <fadrianoc@...> wrote:
> Hi Adam,
> > Does your development environment not support parameters in queries?
> I think so, I use VB6 with the latest Firebird and ODBC driver available, even
> if I haven't used parameter queries before :-)

I am not even convinced that your error is generated by Firebird; it
may be, but it may just be something you are appending to your string
that can't be.

There are lots of problems with not using parameters.

1) Performance
Queries must be prepared every time they are changed, which takes
longer. If you are running the same query with different parameters, it
is quicker.

2) Security
SQL injection attacks are much easier. Using parameters, any attempt at
SQL injection will not affect the query.

3) Maintenance
It would take me 10 minutes to format your query into something I can
comprehend. I know it is an update ... set ... where ... query, but
mixed in with the SQL is VB-specific stuff for adding quotes. It gets
even more complex when you must allow for region settings for currency
and date formats. When you use parameters, these sorts of problems just
go away.

A quick Google search returned:
http://www.4guysfromrolla.com/webtech/092601-1.2.shtml

It is ASP.NET, but it should point you in a direction (hopefully the
right one; I have not used VB or ASP for years).

Check your help files for better instructions.

Adam
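As an added illustration of Adam's point (not code from the thread), the following compares the string-concatenation style of UPDATE with a parameterized one. It uses Python's built-in sqlite3 as an in-memory stand-in for Firebird over ODBC; the table, column names and sample values are constructed, and the `?` placeholder is the same marker the ODBC driver accepts through ADO.

```python
import sqlite3
from datetime import date
from decimal import Decimal

def fresh_db():
    # Constructed in-memory stand-in for the Firebird table the thread talks
    # about; sqlite3 is used only because it ships with Python.
    cn = sqlite3.connect(":memory:")
    cn.execute("CREATE TABLE invoice (id INTEGER PRIMARY KEY, customer TEXT, "
               "amount NUMERIC, paid_on DATE)")
    cn.execute("INSERT INTO invoice VALUES (1, 'unknown', 0, NULL)")
    return cn

def concatenated_update(cn, row_id, customer, amount_text, paid_on_text):
    """VB6-style: glue the values into the SQL text. amount_text and
    paid_on_text arrive in whatever regional format the UI produced."""
    sql = ("UPDATE invoice SET customer = '" + customer + "', amount = "
           + amount_text + ", paid_on = '" + paid_on_text
           + "' WHERE id = " + str(row_id))
    cn.execute(sql)  # a quote in customer, or a comma decimal, breaks here
    cn.commit()

def parameterized_update(cn, row_id, customer, amount, paid_on):
    """Same update with parameters: the statement text never changes and the
    values are bound as typed values, so quoting and regional formats never
    reach the SQL parser."""
    sql = "UPDATE invoice SET customer = ?, amount = ?, paid_on = ? WHERE id = ?"
    cn.execute(sql, (customer, float(amount), paid_on.isoformat(), row_id))
    cn.commit()

def read_row(cn, row_id):
    return cn.execute("SELECT customer, amount, paid_on FROM invoice WHERE id = ?",
                      (row_id,)).fetchone()

def demo():
    """Run both approaches on the same constructed input: an apostrophe in the
    name and a comma-decimal amount. Returns (concat_error_name, row_after_params)."""
    cn = fresh_db()
    customer, amount_text, paid_text = "O'Brien", "1.234,56", "20/07/2006"
    concat_error = None
    try:
        concatenated_update(cn, 1, customer, amount_text, paid_text)
    except sqlite3.Error as exc:
        concat_error = type(exc).__name__  # the glued statement fails to parse
    parameterized_update(cn, 1, customer, Decimal("1234.56"), date(2006, 7, 20))
    return concat_error, read_row(cn, 1)
```

The concatenated statement is rejected by the parser because the apostrophe in the name ends the string literal early, which is the same class of failure a stray regional separator causes; the parameterized version stores the typed values unchanged.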