Embedded-Sql without Sql-Injection

Do this and you can be legally shot:

So do this instead, at the **absolute** minimum:

(You should still be smacked around for not encapsulating your functionality, not using tiers, and not using a sproc, but you will not be shot)

To learn why the first example is so much worse than the second, read about Sql-Injection.

