Hi Dear Coder Friends;
I just discovered the insert type below in MSSQL 2005, the automatically created insert sentence, but I couldn't use it because there is a syntax error.
INSERT INTO [KimlikBilgileri]
([CvId]
,[KimlikNo]
,[Ad]
,[Soyad]
,[Cinsiyet]
,[DogumTarihi]
,[UlkeId]
,[DogumYeri]
,[MedeniDurumu])
VALUES
(<CvId, int,>
,<KimlikNo, char(11),>
,<Ad, varchar(50),>
,<Soyad, varchar(50),>
,<Cinsiyet, char(5),>
,<DogumTarihi, smalldatetime,>
,<UlkeId, int,>
,<DogumYeri, varchar(50),>
,<MedeniDurumu, varchar(8),>)
Questions for the above:
-- What's this type called?
-- Does it make any security bug like injections?
I want to use this one as a stored proc, to add "create proc KimlikBilgilerInsert as ". So I think I don't have to declare one by one.
Am I right?
Thank you for your valuable knowledge.
The syntax error is due to the datatypes. Remove all the datatype indicators.
This is called an INSERT statement.
Yes, it is susceptible to SQL Injection - there are very long varchar(50) fields, and there is no data validation. I would consider where the values are gathered, and if from textboxes on a form, then I would put this statement in a stored procedure and add some data validation code.
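An added example, not code from either poster: one way to write the stored procedure discussed above, with each <name, type,> placeholder of the generated template turned into a declared parameter of the same type. The validation rules and the sample values in the EXEC call are assumptions made for illustration.

```sql
-- Added example: parameterized form of the generated INSERT template.
-- Values arrive as typed parameters, so they are never parsed as SQL text.
CREATE PROCEDURE KimlikBilgilerInsert
    @CvId         int,
    @KimlikNo     char(11),
    @Ad           varchar(50),
    @Soyad        varchar(50),
    @Cinsiyet     char(5),
    @DogumTarihi  smalldatetime,
    @UlkeId       int,
    @DogumYeri    varchar(50),
    @MedeniDurumu varchar(8)
AS
BEGIN
    SET NOCOUNT ON;

    -- Assumed rule: KimlikNo is exactly 11 digits (char(11) pads short input).
    IF @KimlikNo IS NULL OR LEN(@KimlikNo) <> 11 OR @KimlikNo LIKE '%[^0-9]%'
    BEGIN
        RAISERROR('KimlikNo must be exactly 11 digits.', 16, 1);
        RETURN 1;
    END

    -- Assumed rule: first name and surname are required and not blank.
    IF @Ad IS NULL OR @Soyad IS NULL
       OR LEN(LTRIM(@Ad)) = 0 OR LEN(LTRIM(@Soyad)) = 0
    BEGIN
        RAISERROR('Ad and Soyad are required.', 16, 1);
        RETURN 1;
    END

    -- Assumed rule: a birth date cannot lie in the future.
    IF @DogumTarihi > GETDATE()
    BEGIN
        RAISERROR('DogumTarihi cannot be in the future.', 16, 1);
        RETURN 1;
    END

    INSERT INTO [KimlikBilgileri]
        ([CvId], [KimlikNo], [Ad], [Soyad], [Cinsiyet],
         [DogumTarihi], [UlkeId], [DogumYeri], [MedeniDurumu])
    VALUES
        (@CvId, @KimlikNo, @Ad, @Soyad, @Cinsiyet,
         @DogumTarihi, @UlkeId, @DogumYeri, @MedeniDurumu);
    RETURN 0;
END
GO
-- Constructed sample call; the apostrophe in @Soyad is stored as plain data.
EXEC KimlikBilgilerInsert @CvId = 1, @KimlikNo = '12345678901', @Ad = 'Ali',
     @Soyad = 'O''Neil', @Cinsiyet = 'Erkek', @DogumTarihi = '19850314',
     @UlkeId = 90, @DogumYeri = 'Ankara', @MedeniDurumu = 'Bekar';
```

The procedure only protects the insert if the application also passes the form values as parameters (for example through a parameterized command object) instead of concatenating them into the EXEC string.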