Can I just confirm that using a parameter doesn't introduce any sort of wildcard facility?

That is, if I use

DELETE FROM table WHERE MyColumn = :USER_INPUT

that the user cannot enter anything that could ever delete more than one record (assuming MyColumn is unique).

I don't want to end up with some sort of LIKE where they can match anything.

--

Matthew Jones

Matthew


Certainly - off you go and confirm it then

Or alternatively with the syntax you have even if the user types 'DELETE * FROM TABLEX' nothing much will happen unless you have a row where MyColumn = 'DELETE * FROM TABLEX'

Roy Lambert

Roy Lambert wrote:

> Matthew
>
>
> Certainly - off you go and confirm it then
>
> Or alternatively with the syntax you have even if the user types 'DELETE * FROM TABLEX' nothing much will happen unless you have a row where MyColumn = 'DELETE * FROM TABLEX'

Thanks - I just had that moment of dread... Better to double check with the expert. 8-)

--

Matthew Jones

Matthew


>Thanks - I just had that moment of dread... Better to double check with the expert. 8-)

In that case you'll just have to wait for an expert to appear - I'm not one - I didn't even spot the lack of a WHERE clause in Adam's post!!

Roy Lambert

Roy,

<< In that case you'll just have to wait for an expert to appear - I'm not one - I didn't even spot the lack of a WHERE clause in Adam's post!! >>

Forest/trees issues are more a reflection of our age/eyesight than our expertise. Or so I keep telling myself...

Tim Young
Elevate Software
www.elevatesoft.com

Tim


>Forest/trees issues are more a reflection of our age/eyesight than our expertise. Or so I keep telling myself...

Many thanks for that - first chuckle of the day.

Roy