<div>
I just wanted to jump in and say you should be using parameterized queries. Unless you're doing some sort of manual examination, your SQL there is ripe for exploitation. &nbsp;You will be hacked - it's just a matter of time.
</div>


I just wanted to jump in and say you should be using parameterized queries. Unless you're doing some sort of manual examination, your SQL there is ripe for exploitation.  You will be hacked - it's just a matter of time.

<div>
<div class="content wysiwyg-content">
Help!!<br />
<br />
I'm getting the following error --<br />
<br />

<blockquote>
Conversion failed when converting the varchar value 'default.asp?ID =' to data type int.
</blockquote>
<br />
my code is --<br />
<br />

<pre><code id="code-10-27828197-1">select
CASE WHEN P.Title &lt;&gt; '' THEN P.Title ELSE N.Title END as Title,
CASE WHEN P.ID &lt;&gt; '' THEN 'default.asp?ID ='+P.ID+'&amp;amp='+P.SEOLink ELSE N.AlternativeURL END as URL
from [dbo].[MYNavigation] N
LEFT Join dbo.MyPage P
on N.PageID = P.ID
Where N.Live = 'Y'
Order By NavOrder</code></pre>
<br />
Thank you
</div>
</div>


Help!!

I'm getting the following error --

Conversion failed when converting the varchar value 'default.asp?ID =' to data type int.

my code is --

(CODE)

Thank you

Conversion failed when converting the varchar value 'default.asp?ID =' to data type int.

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.

Microsoft SQL Server 2008

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Microsoft SQL Server 2005 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. It includes support for managing XML data and allows a database server to be exposed over web services using Tabular Data Stream (TDS) packets encapsulated within SOAP (protocol) requests.