mailing list archives
Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
From: ct7 () UNICORNSREST ORG (W. Craig Trader)
Date: Wed, 9 Feb 2000 12:17:01 -0500
"Smith, Eric V." wrote:
Not true, at least for the case of MS Sql Server 7. The following
insert into customer (name, primary_contact)
values ('a', '4')
succeeds where primary_contact is of type int (I also tried numeric just to
be sure). I write code like this all of the time when I know the column
names but not their types.
Did you actually try this yourself before posting? What results did you
I don't have a copy of SQL Server lying around, but I can speak to
several other RDBMSes (Oracle 7 & 8, MS Access, MySQL, Informix, and other
lesser products) as well as the SQL 89 and SQL 92 standards. In standard
SQL, you must not use quotes around non-string constants. Numeric
constrants must be unquoted, Date/Time constants must use the Date/Time
delimiter (# for MS Access, other characters for other products).
Have you ever used anything besides Microsoft RDBMSes? Microsoft is
not well known for their ability to adhere to industry standards.
- Craig -
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory), (continued)