Click here to Skip to main content
16,021,169 members
Home / Discussions / Database
   

Database

 
GeneralRe: SSMS 2016 and SQL Server 2008R2 Pin
#realJSOP27-Jun-18 2:46
professional#realJSOP27-Jun-18 2:46 
QuestionSQL Server Agent Monitoring Pin
#realJSOP26-Jun-18 1:48
professional#realJSOP26-Jun-18 1:48 
QuestionCheck for object existence sql server 2012 is creating stored procedure as dynamic sql Pin
indian14325-Jun-18 10:36
indian14325-Jun-18 10:36 
AnswerRe: Check for object existence sql server 2012 is creating stored procedure as dynamic sql Pin
Richard Deeming26-Jun-18 1:50
mveRichard Deeming26-Jun-18 1:50 
QuestionPDO/mySQL/PHP - when is it OK to NOT use parameter binding, when should I REALLY use it? Pin
needAbreakNow17-Jun-18 16:13
needAbreakNow17-Jun-18 16:13 
AnswerRe: PDO/mySQL/PHP - when is it OK to NOT use parameter binding, when should I REALLY use it? Pin
Jörgen Andersson17-Jun-18 19:29
professionalJörgen Andersson17-Jun-18 19:29 
AnswerRe: PDO/mySQL/PHP - when is it OK to NOT use parameter binding, when should I REALLY use it? Pin
Mycroft Holmes17-Jun-18 20:43
professionalMycroft Holmes17-Jun-18 20:43 
AnswerRe: PDO/mySQL/PHP - when is it OK to NOT use parameter binding, when should I REALLY use it? Pin
Eddy Vluggen18-Jun-18 0:27
professionalEddy Vluggen18-Jun-18 0:27 
To be fair, SQL Injection can only occur where the user has influence over the parameter. If your parameter is a constant, or provided by you, there's little risk since the user cannot change the statement that is going to be executed.

..but, parameterized queries are not done "just" to prevent SQL injection, they provide more benefits. While it may take you a minute longer to write it, it makes the code a lot more readable, improving maintainability. There's also an impact on performance[^] if you re-execute the query.

That's not something that every hobbyist wants to learn, so the advice has become that it is NEVER OK to NOT use them. I agree with that advice, since adding the code will not have a downside.

needAbreakNow wrote:
I do find it a bit clumsy and long sometimes and am tempted to just skip it.
This will sound rude but that's just being lazy. If it is worth doing at all, it is worth doing it correctly.

Upvoted for asking "why am I doing this"; it proves you are actually thinking about what you are doing, and trying to find alternatives.
Bastard Programmer from Hell Suspicious | :suss:
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.

AnswerRe: PDO/mySQL/PHP - when is it OK to NOT use parameter binding, when should I REALLY use it? Pin
jschell23-Jun-18 5:12
jschell23-Jun-18 5:12 
QuestionPDO Get Previous and Next Record partially working Pin
needAbreakNow16-Jun-18 21:19
needAbreakNow16-Jun-18 21:19 
AnswerRe: PDO Get Previous and Next Record partially working Pin
Richard MacCutchan16-Jun-18 21:32
mveRichard MacCutchan16-Jun-18 21:32 
AnswerRe: PDO Get Previous and Next Record partially working Pin
Victor Nijegorodov16-Jun-18 22:45
Victor Nijegorodov16-Jun-18 22:45 
AnswerRe: PDO Get Previous and Next Record partially working Pin
needAbreakNow16-Jun-18 23:06
needAbreakNow16-Jun-18 23:06 
GeneralRe: PDO Get Previous and Next Record partially working Pin
Richard MacCutchan17-Jun-18 1:11
mveRichard MacCutchan17-Jun-18 1:11 
GeneralArgus Pin
Keith@Stand15-Jun-18 4:17
Keith@Stand15-Jun-18 4:17 
GeneralRe: Argus Pin
CHill6015-Jun-18 4:21
mveCHill6015-Jun-18 4:21 
GeneralRe: Argus Pin
jschell23-Jun-18 5:17
jschell23-Jun-18 5:17 
QuestionCode Expert Pin
Keith@Stand7-Jun-18 8:13
Keith@Stand7-Jun-18 8:13 
AnswerRe: Code Expert Pin
OriginalGriff7-Jun-18 8:16
mveOriginalGriff7-Jun-18 8:16 
AnswerRe: Code Expert Pin
Swinkaran7-Jun-18 18:39
professionalSwinkaran7-Jun-18 18:39 
GeneralRe: Code Expert Pin
Keith@Stand7-Jun-18 19:18
Keith@Stand7-Jun-18 19:18 
GeneralRe: Code Expert Pin
Mycroft Holmes17-Jun-18 20:51
professionalMycroft Holmes17-Jun-18 20:51 
GeneralRe: Code Expert Pin
jschell23-Jun-18 5:21
jschell23-Jun-18 5:21 
AnswerRe: Code Expert Pin
Christopher Stewart27-Jun-18 10:47
Christopher Stewart27-Jun-18 10:47 
QuestionRunning the Package in different versions of SQL Server Pin
indian1434-Jun-18 10:34
indian1434-Jun-18 10:34 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.