apostrophes in SQL statement

[Bob Barrows [MVP]]

We have a shop rule that requires us to use ADODB.Command objects when
passing parameters from a web request to SQL Server (not to mention
restricting SQL Server access to stored procedures ONLY). This also
renders the issue moot.

Good rule! It's pretty much what I was talking about when I said "using
parameters", with the following provisos:

It's possible to parameterize and run a non-stored-procedure query using the
Command object (although I never do it this way - I'm a big fan of stored
procedures)

It's possible to pass parameters to a stored procedure without using either
dynamic sql or an explicit Command object (classic ASP only) by using the
"stored-procedure-as-connection-method" technique, as I demostrated in my
other post to Robb.

Bob Barrows

 

[Dave Anderson]

It's possible to pass parameters to a stored procedure without using
either dynamic sql or an explicit Command object (classic ASP only)
by using the "stored-procedure-as-connection-method" technique, as I
demostrated in my other post to Robb.

Assuming the stored procedure name isn't in the namespace of the connection
methods and properties, I would imagine...



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Bob Barrows [MVP]]

Assuming the stored procedure name isn't in the namespace of the
connection methods and properties, I would imagine...

Correct Good point. My naming convention for stored procedures would make
this impossible, but not everyone uses my naming convention ...

Bob Barrows