Well, I guess if there is no user input going into the query it's not a big
deal; of course, if there is, you should at least sanitize it to prevent
injection.
On Apr 10, 2016 2:39 PM, "Luiz Americo Pereira Camara" <
luizameri...@gmail.com> wrote:

>
>
> 2016-04-10 16:29 GMT-03:00 Tony Caduto <tony.cad...@gmail.com>:
>
>> What about using a stored procedure to do it ?  You could pass the list
>> for the in as a string and handle it in the stored procedure.  Of course
>> that's no help if using sqlite or other that does not support stored
>> procedures.
>>
>
> I'm working with multiple DB engines, so I try to avoid non-standard
> syntax/features.
> My workaround is working fine, so no need to break this rule
>
> Luiz
>
> _______________________________________________
> fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
> http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
>