Hi
I am very familiar with insert statements, but how does a
value get passed for a user name and password from either
a web or windows application i.e
A simple insert statement would be
Insert into Table1
(username,password)values('bob','password')
but if you do not know the values of the username and
password are going to be then what would the query look
like.
So if I plan to make my password banana when I log onto
the application how would the script look like then,
would you leave the '' where banana would be as blank.
Insert into Table1
(username,password)values('bob','')
Thanks
Bob
BOB wrote:
> Hi
> I am very familiar with insert statements, but how does a
> value get passed for a user name and password from either
> a web or windows application i.e
> A simple insert statement would be
> Insert into Table1
> (username,password)values('bob','password')
> but if you do not know the values of the username and
> password are going to be then what would the query look
> like.
> So if I plan to make my password banana when I log onto
> the application how would the script look like then,
> would you leave the '' where banana would be as blank.
> Insert into Table1
> (username,password)values('bob','')
>
> Thanks
> Bob
First, we might enquire why you are storing user names and passwords in
a table. Can you rely on SQL Server's security mechanisms instead?
In general, though, is you have an attribute (column) in a table that
may contain unknown data, you allow NULL values. And you insert a NULL
or leave the column out of the insert operation altogether.
For web-based security, it's best to use Windows Authentication. Then no
passwords need to be sent at all. Some web servers may use hard-coded
connection strings to the server, but it's better to use Windows
Authentication.
Can you provide more detail about what you're trying to accomplish?
David Gugick
Imceda Software
www.imceda.com
No comments:
Post a Comment