Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#26 Parameter replacement

open
nobody
None
5
2005-05-04
2005-05-04
Anonymous
No

MyQuery String:
-------------------------------------------------
INSERT INTO Members(memEmail,memCity) VALUES
(@email,@city)

MyParams:
-------------------------------------------------
p1
ParameterName: @email
ParameteValue: test@city.com
-------------------------------------------------
p2
ParameterName: @city
ParameteValue: Montreal

The Problem:
-------------------------------------------------
The parameters are injected in the query string in a
loop.
After the first replacement the @email is replaced by
test@city.com.
Now we have:
INSERT INTO Members(memEmail,memCity) VALUES
('test@city.com',@city)
After the second replacement the @city is replaced by
Montreal.
Now we have:
INSERT INTO Members(memEmail,memCity) VALUES
('testMontreal.com',Montreal)
All occurence of @city was replaced.

Discussion