[RESOLVED] SQL Server doesn't like quotes!


dglienna
September 22nd, 2008, 03:00 PM
I have some memo fields, as well as NVCHAR() that has quotes in it.

What is the best solution to this? We need to copy ads that have quotes.

I've tried to double them up, but had a problem with memos, so I deleted them temporarily.

Alsvha
September 23rd, 2008, 03:23 AM
If you mean the
' (single quotation mark, ping or what else it is called)
character - it should be escaped by itself meaning
'' (2 times ')

If you mean the
" (double quotation mark)
then SQL Server should have no problems with these inside text strings.

HairyMonkeyMan
September 23rd, 2008, 05:09 AM
Using parameters in your connection object also solves this.

dglienna
September 23rd, 2008, 03:43 PM
So I can have this?

"This is today's latest hit: 'This is It'"

As a parameter? If so, then that's the answer. Thanks.

HairyMonkeyMan
September 24th, 2008, 05:55 AM
Yessir... remember to set the type in the parameter object.

hspc
September 24th, 2008, 10:32 AM
I have some memo fields, as well as NVCHAR() that has quotes in it.

What is the best solution to this? We need to copy ads that have quotes.

I've tried to double them up, but had a problem with memos, so I deleted them temporarily.
Can you give more explanation of the problem? Or post the complete query that causes the problem so I can tell how to rewrite it?

dglienna
September 25th, 2008, 01:29 AM
The problem was SQL Injection. Strings had ' marks, which ended the statement prematurely. Descriptions were pasted in from ad copy.

hspc
September 25th, 2008, 06:46 AM
Depending on the language you use, you can stop SQL injection in several ways.
Some techniques are mentioned here (http://www.unixwiz.net/techtips/sql-injection.html#miti).
Parameterized queries are the best option for .net code.
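
Added example (not part of the original thread, and not any poster's code): the ad copy from the thread inserted three ways, by string concatenation, by concatenation with the ' doubled, and as a bound parameter. Assumptions: an in-memory SQLite database stands in for SQL Server so the example runs offline, and the table `ads` and its `description` column are hypothetical names.

```python
import sqlite3

# Sample text taken from the thread; it contains single quotes.
AD_COPY = "This is today's latest hit: 'This is It'"

def make_db():
    """Hypothetical schema: one table holding pasted ad descriptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ads (id INTEGER PRIMARY KEY, description TEXT)")
    return conn

def insert_concatenated(conn, text):
    """'Before': the text is spliced into the statement itself.
    Returns None on success, or the database error message."""
    sql = "INSERT INTO ads (description) VALUES ('" + text + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_parameterized(conn, text):
    """'After': the statement is fixed and the text travels as a bound
    value, so quotes in it are data and never part of the SQL."""
    cur = conn.execute("INSERT INTO ads (description) VALUES (?)", (text,))
    return cur.lastrowid

def fetch(conn, rowid):
    row = conn.execute(
        "SELECT description FROM ads WHERE id = ?", (rowid,)
    ).fetchone()
    return row[0]

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM ads").fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    # The first ' in "today's" closes the literal, so the statement fails.
    print("concatenated:", insert_concatenated(conn, AD_COPY))
    # Doubling each ' keeps the literal intact, but every call site must do it.
    print("doubled:", insert_concatenated(conn, AD_COPY.replace("'", "''")))
    # The bound parameter stores the text exactly as pasted.
    rid = insert_parameterized(conn, AD_COPY)
    print("parameterized:", fetch(conn, rid))
    print("rows stored:", row_count(conn))
```
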