cornall
06-03-2008, 04:23 AM
Hi All,
I am tasked with looking after an application with an Access Backend. I want to ensure the site is protected from SQL injections during login.
I have added a replace to get rid of any ' by escaping them to ''.
Is there an equivalent of bind variables in Access?
In Java I would use a prepared statement:
PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE USERNAME=? AND PASSWORD=?");
prep.setString(1, username);
prep.setString(2, password);
Is there an equivalent of this in VBA and VBScript, or is doing my replace enough?
Hope this makes sense!
D
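Added example, not part of the original post: the closest VBScript counterpart to the Java PreparedStatement above is an ADODB.Command with positional ? parameters. It assumes ADO with the Jet OLEDB 4.0 provider; the LoginMatches function, the parameter names and the throwaway demo database are hypothetical and constructed for illustration.

```vbscript
Option Explicit

' ADO enum values; VBScript cannot import the type library, so declare them.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Returns True when a row matches. Both values travel as bound parameters,
' so quotes in them are data and no Replace(...) escaping is involved.
Function LoginMatches(conn, username, password)
    Dim cmd, rs
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The Jet provider binds ? markers by position, in the order appended.
    ' PASSWORD is bracketed so it is always read as a column name.
    cmd.CommandText = "SELECT USERNAME FROM USERS WHERE USERNAME = ? AND [PASSWORD] = ?"
    cmd.Parameters.Append cmd.CreateParameter("pUser", adVarWChar, adParamInput, 255, username)
    cmd.Parameters.Append cmd.CreateParameter("pPass", adVarWChar, adParamInput, 255, password)
    Set rs = cmd.Execute
    LoginMatches = Not rs.EOF
    rs.Close
End Function

' --- Constructed demo: throwaway database in %TEMP% (run with 32-bit cscript) ---
Dim fso, dbPath, connStr, conn
Set fso = CreateObject("Scripting.FileSystemObject")
dbPath = fso.BuildPath(fso.GetSpecialFolder(2).Path, "login_demo.mdb")
If fso.FileExists(dbPath) Then fso.DeleteFile dbPath
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & dbPath
CreateObject("ADOX.Catalog").Create connStr

Set conn = CreateObject("ADODB.Connection")
conn.Open connStr
conn.Execute "CREATE TABLE USERS (USERNAME TEXT(255), [PASSWORD] TEXT(255))"
' Constructed sample row; the literal needs '' only because this line is inline SQL.
conn.Execute "INSERT INTO USERS (USERNAME, [PASSWORD]) VALUES ('O''Brien', 'constructed-pw')"

' Valid credentials whose username contains an apostrophe.
WScript.Echo LoginMatches(conn, "O'Brien", "constructed-pw")
' Quote-laden input: compared against the column as one literal string.
WScript.Echo LoginMatches(conn, "O'Brien", "' OR ''='")
conn.Close
```

The LoginMatches function uses only late-bound ADODB calls, so it can be pasted into a VBA module as well; only the WScript.Echo demo lines are specific to Windows Script Host.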