Levi Levi - 3 years ago 103
SQL Question

What does the "@" symbol do in SQL?

I was browsing through the questions and noticed this:

-- @custid is a placeholder for a value supplied when the query runs
SELECT prodid, issue
FROM Sales
WHERE custid = @custid
  AND datesold = (SELECT MAX(datesold)     -- subquery needs its own parentheses
                  FROM Sales s
                  WHERE s.prodid = Sales.prodid
                    AND s.issue = Sales.issue
                    AND s.custid = @custid)

I was wondering what the "@" does in front of custID? Is it just a way of referencing the custID from the table being selected?

Answer Source

The @CustID means it's a parameter that you will supply a value for later in your code. This is the best way of protecting against SQL injection. Create your query using parameters, rather than concatenating strings and variables. The database engine puts the parameter value into where the placeholder is, and there is zero chance for SQL injection.
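Added example, not part of the question or the answer above. It runs the question's query (with the subquery parenthesised so it parses) against a constructed in-memory SQLite table through Python's sqlite3 module. In SQL Server, @custid denotes a variable or parameter; SQLite accepts the same @name placeholder syntax, so the statement text is bound unchanged. The sample rows, the function names, and the simpler customer_sales lookup used to contrast string concatenation with a bound placeholder are assumptions for illustration. The injection payload `1 OR 1=1` returns every customer's rows through the concatenated query and no rows through the parameterised one, because a bound value is compared as data and never parsed as SQL.

```python
import sqlite3

# Constructed sample data for this example (not from the original question):
# (prodid, issue, custid, datesold)
SAMPLE_SALES = [
    (1, "A", 1, "2024-01-05"),
    (1, "A", 1, "2024-03-10"),
    (1, "A", 2, "2024-02-01"),
    (2, "B", 1, "2024-02-20"),
    (2, "B", 2, "2024-04-01"),
]

# The question's query, with the subquery parenthesised so it parses.
# @custid is a named placeholder: SQL Server reads it as a variable/parameter,
# and SQLite accepts the same @name syntax, so the text is bound unchanged.
LATEST_SALE_SQL = """
SELECT prodid, issue
FROM Sales
WHERE custid = @custid
  AND datesold = (SELECT MAX(datesold)
                  FROM Sales s
                  WHERE s.prodid = Sales.prodid
                    AND s.issue = Sales.issue
                    AND s.custid = @custid)
"""


def make_db():
    """Create an in-memory Sales table holding the constructed rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Sales (prodid INTEGER, issue TEXT, custid INTEGER, datesold TEXT)"
    )
    conn.executemany("INSERT INTO Sales VALUES (?, ?, ?, ?)", SAMPLE_SALES)
    return conn


def latest_sales(conn, custid):
    """Run the question's query, binding the caller's value to both uses of @custid."""
    rows = conn.execute(LATEST_SALE_SQL, {"custid": custid}).fetchall()
    return sorted(rows)


def customer_sales_unsafe(conn, custid):
    """VULNERABLE: the caller's value is pasted into the SQL text, so the database
    parses it as SQL. Kept only to contrast with the parameterised version below."""
    sql = f"SELECT prodid, issue, custid FROM Sales WHERE custid = {custid}"
    return sorted(conn.execute(sql).fetchall())


def customer_sales_safe(conn, custid):
    """SAFE: the statement is parsed first and the value is bound to @custid
    afterwards, so it is only ever compared as data, never read as SQL."""
    sql = "SELECT prodid, issue, custid FROM Sales WHERE custid = @custid"
    return sorted(conn.execute(sql, {"custid": custid}).fetchall())


if __name__ == "__main__":
    conn = make_db()
    print("latest sales for customer 1:", latest_sales(conn, 1))
    payload = "1 OR 1=1"  # classic injection string
    print("concatenated:", customer_sales_unsafe(conn, payload))  # every customer's rows
    print("parameterised:", customer_sales_safe(conn, payload))   # no custid equals that text
```

The parameterised call with the payload returns nothing rather than raising: SQLite compares the INTEGER custid column with the bound text '1 OR 1=1', which does not convert to a number, so no row matches. That is the behaviour the answer describes: the placeholder is filled with a value after parsing, so the value cannot change the shape of the statement.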

