Embedded-Sql without Sql-Injection

Do this and you can be legally shot:

So do this instead, at the **absolute** minimum:

(You should still be smacked around for not encapsulating your functionality, not using tiers, and not using a sproc, but you will not be shot)

To learn why the first example is so much worse than the second, read about Sql-Injection.
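The two listings the post refers to are not present on this page, so here is the same contrast as an added example (my code, not the original author's): a login check built by gluing user input into the SQL string, beside the same check with bound parameters. It uses Python's standard-library sqlite3 module; the table, rows and the attacker's input are all constructed for the example.

```python
import sqlite3


def make_db():
    """Build an in-memory database with a couple of constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_unsafe(conn, name, password):
    """The 'legally shot' version: user input becomes part of the SQL text.

    Anything the caller types is parsed as SQL, so a single quote or a
    comment marker in the input rewrites the query itself.
    """
    sql = (
        "SELECT id FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    """The absolute-minimum version: the SQL text is fixed, values are bound.

    The driver sends the statement and the values separately, so the input
    can only ever be compared as data and never changes the query's shape.
    """
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo():
    """Run both versions against a constructed injection payload."""
    conn = make_db()
    # Constructed attacker input: closes the string and comments out the
    # password check, so the unsafe query becomes
    #   SELECT id FROM users WHERE name = 'alice' --' AND password = 'wrong'
    evil_name = "alice' --"
    return {
        "unsafe_legit": login_unsafe(conn, "alice", "s3cret"),
        "unsafe_attack": login_unsafe(conn, evil_name, "wrong"),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
        "safe_attack": login_safe(conn, evil_name, "wrong"),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: {'logged in' if ok else 'rejected'}")
```

The same split applies to any driver (SqlParameter in ADO.NET, `?` or `%s` placeholders elsewhere): the statement text is a constant and every value travels through a parameter. Note that parameters bind values only; a table or column name chosen by the user still has to be checked against an allow-list, because no driver will quote an identifier for you.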
