Hello sir, I am trying to write code to display a salary slip. This code is used for inputting an eid and displaying the salary slip, but I have no idea what to do.
Document : Salary
Created on : Mar 24, 2012, 11:27:02 PM
Author : Rushi
No, it doesn't. First of all, the () pair is completely useless. It's only required for nesting (mostly of WHERE clauses) and function calls, and your example shows neither. The '' pair is also unnecessary if the employee ID is a numeric value. There still is the danger of SQL injection, but your code doesn't solve that at all.
Sachin Kadian wrote: I am not talking about the pair of () but about ' '. We must enclose variables in '"++"', I think....
No. This is only true for text literals; numeric literals go without quotes.
The code might be working even with numbers enclosed in quotes, but this introduces another potential bug related to implicit conversion. However, compared to the SQL injection vulnerability, this is an insignificant issue.
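The two points made in this thread, that concatenating the request parameter into the SQL string leaves the query open to SQL injection whatever quoting is used, and that quoting a numeric ID only works through implicit conversion, can be seen side by side in a small runnable example. This is an added example, not code from the original poster's JSP; it uses Python's standard-library sqlite3 module instead of JDBC so it runs without a database server, but the parameterised query maps directly onto a JDBC PreparedStatement with `?` placeholders and `setInt`. The table, rows and request values are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory employee table standing in for the poster's salary database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (eid INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employee VALUES (?, ?, ?)",
        [(101, "Asha", 42000), (102, "Ravi", 51000), (103, "Meena", 38000)],
    )
    return conn


def salary_slip_concat(conn, raw_eid):
    """The pattern under discussion: the request parameter is pasted into the SQL text.

    The quotes make the literal a TEXT value; sqlite3 (like most databases) still
    matches it against the INTEGER column by implicit conversion, which is why the
    code appears to work. Any input containing a quote changes the query itself.
    """
    sql = "SELECT eid, name, salary FROM employee WHERE eid='" + raw_eid + "'"
    return conn.execute(sql).fetchall()


def parse_eid(raw_eid):
    """Validate the request parameter as a non-negative integer before it reaches SQL."""
    if not raw_eid.isdigit():
        raise ValueError("eid must be a numeric employee ID")
    return int(raw_eid)


def salary_slip_prepared(conn, raw_eid):
    """Hardened form: a validated integer bound through a placeholder (PreparedStatement in JDBC).

    The SQL text is fixed at compile time; the value is sent separately and can never
    be interpreted as part of the statement, and no quoting is needed for a number.
    """
    eid = parse_eid(raw_eid)
    return conn.execute(
        "SELECT eid, name, salary FROM employee WHERE eid=?", (eid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat, normal input:   ", salary_slip_concat(db, "102"))
    # Constructed hostile request value: the classic tautology closes the quoted literal.
    print("concat, hostile input:  ", salary_slip_concat(db, "' OR '1'='1"))
    print("prepared, normal input: ", salary_slip_prepared(db, "102"))
    try:
        salary_slip_prepared(db, "' OR '1'='1")
    except ValueError as err:
        print("prepared, hostile input:", err)
```

With the concatenated query the hostile value returns every employee's salary; with the prepared form the same value is rejected before any SQL runs, and even if the validation step were omitted, the bound parameter would simply fail to match any row rather than rewrite the WHERE clause.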