Msg#: 1902 posted 12:50 pm on Jun 16, 2004 (gmt 0)
By the way. Your code is leaving you wide open to an SQL Injection attack. Here is an example.
If the following value is provided in the game_name field
abc' having 1=1 ;
An error will occur that will most likely show the name of one or more tables. Suppose one of the table names is "games". The attacker can then use that to cause real problems by entering the following in the game_name field:
abc'; drop table games ;
You should always clean the values presented by users by (at least) escaping any apostrophes.
10q, and no one can do something to my web, the game_name field is a checkbox so you cant enter any value it gust auto take the value of the game_name which is the key in my table(mdb) + only admins can see this page and they wont even try to harm the web. =)
You still should get into the habit of practicing good coding habits. No matter where the code is actually showing, you should always make sure it's as secure as you can possibly make it. If you get into the habit of making all your code secure, you won't have to worry about where the code is, it will always be fine.