Tutorial by Examples

This is the typical approach novice developers take when building SQL action queries. Queries built this way are vulnerable to "Bobby Tables"-style SQL injection attacks.

    Dim strSQL As String
    ' User input is concatenated directly into the SQL text (vulnerable)
    strSQL = "INSERT INTO Employees (chrFirstName, chrLastName, chrPhone) " _
           & "VALUES ('" & M...
This approach will prevent a user from embedding a second SQL statement in their input for execution.

    Dim strSQL As String
    Dim db As DAO.Database
    Dim qdf As DAO.QueryDef
    strSQL = "PARAMETERS [FirstName] Text(255), [LastName] Text(255), [Phone] Text(255); " _
           & "INS...
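The parameterized approach above, written out as an added example; this is not code from the original page. It assumes an Employees table with the three text columns named in the first excerpt; the procedure names and the sample values are hypothetical.

```vba
' Added example: parameterized INSERT through a temporary DAO QueryDef.
' Assumption: table Employees(chrFirstName, chrLastName, chrPhone) exists.
Public Sub AddEmployee(ByVal strFirst As String, _
                       ByVal strLast As String, _
                       ByVal strPhone As String)
    Dim db As DAO.Database
    Dim qdf As DAO.QueryDef
    Dim strSQL As String

    ' The SQL text is fixed: no user input is ever concatenated into it.
    strSQL = "PARAMETERS [FirstName] Text(255), [LastName] Text(255), [Phone] Text(255); " _
           & "INSERT INTO Employees (chrFirstName, chrLastName, chrPhone) " _
           & "VALUES ([FirstName], [LastName], [Phone]);"

    Set db = CurrentDb
    ' An empty name creates a temporary QueryDef that is not saved in the database.
    Set qdf = db.CreateQueryDef("", strSQL)

    ' Values are bound as data, so quotes and semicolons remain literal characters.
    qdf.Parameters("FirstName").Value = strFirst
    qdf.Parameters("LastName").Value = strLast
    qdf.Parameters("Phone").Value = strPhone

    ' dbFailOnError raises a run-time error to the caller instead of failing silently.
    qdf.Execute dbFailOnError

    qdf.Close
    Set qdf = Nothing
    Set db = Nothing
End Sub

Public Sub DemoQuotedInput()
    ' Constructed sample input containing a quote and a second statement.
    AddEmployee "Robert'); DROP TABLE Employees;--", "Tables", "555-0100"

    ' The whole string was stored in chrFirstName as ordinary text;
    ' count the rows for the sample last name to confirm the insert.
    Debug.Print DCount("*", "Employees", "chrLastName = 'Tables'")
End Sub
```

Run DemoQuotedInput from the Immediate window in a test database, then open the Employees table to confirm the first name was stored verbatim.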
