How to fix aggressive characters in SQL queries?

Hi,

I'm looking for some way to make strings with aggressive characters safe
for use in SQL queries for Microsoft SQL - just something that would
add slashes before such characters.
Is there any function for that?

Thanks.
Feb 21 '06 #1
You can use;

str1 = str1.Replace("'", "\'")

You can also change quotes to the HTML code for a quote like this;

str1 = str1.Replace("'", "&#39;")

When it gets sent to the screen it will appear as a '

It's hard to see but it's taking single quote and replacing it with
\single quote. I use this all the time. I also have lots of data that
gets entered for web viewing only so I use the .Replace to change
vbCrLf's to <BR> so that the text appears exactly how it was entered in
the text box. Like this;

str1 = str1.Replace(vbCrLf, "<br>")

Hope this helps,
Jeremy Reid
http://hgtit.com

Feb 21 '06 #2
No.

That's why ADO.NET has parameterized queries..so you don't have to worry
about it. Using string replacements will eventually land you in trouble
'cuz someone's gonna figure out a Unicode character string or something
that'll eventually circumvent it. Plus it's messy.

command.CommandText = "SELECT blah from Table where X = @x";
command.Parameters.Add("@x", SqlDbType.VarChar, 64).Value = someVariable;

no need to do anything more...

Another advantage to this is it makes your code easily upgradable to
sprocs...or downgradable to inline queries.

Karl

--
http://www.openmymind.net/
http://www.fuelindustries.com/

Feb 21 '06 #3
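
The difference between the two replies above, as an added example that is not part of the original posts: it runs against SQLite from Python's standard library as a stand-in for SQL Server, on the assumption (true of both) that a backslash is an ordinary character inside a string literal and a quote is escaped only by doubling it. The table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("O'Brien", "ob@example.test"), ("alice", "alice@example.test")],
    )
    return conn

def find_with_replace(conn, name):
    """The Replace() approach from post #2: a backslash before each quote."""
    escaped = name.replace("'", "\\'")
    sql = "SELECT email FROM users WHERE name = '" + escaped + "'"
    return [row[0] for row in conn.execute(sql)]

def find_with_parameter(conn, name):
    """Parameterized query from post #3: the value is never part of the SQL text."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name):
    """Return (result of the replace version, result of the parameterized version)."""
    conn = make_db()
    try:
        replaced = find_with_replace(conn, name)
    except sqlite3.OperationalError as exc:
        # The quote still ended the literal, so the rest no longer parses.
        replaced = "error: " + str(exc)
    return replaced, find_with_parameter(conn, name)

if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name containing a quote,
    # and a value whose text after the quote is itself valid SQL.
    for value in ["alice", "O'Brien", "x' OR 1=1 --"]:
        print(repr(value), "->", compare(value))
```

With the replace version a legitimate name such as O'Brien fails with a syntax error, and the third input returns every row because the text after the quote is parsed as SQL; the parameterized version treats all three purely as data.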
