Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 Development Tools
 ASP.NET
 Validation for textboxes...

Author  Topic 

RichardBone
Starting Member

29 Posts
Posted - 2008-02-03 : 14:16:43
Single quotes are no longer a problem for SQL Server 2005? Because I tried entering single quote and entering it into the database and it didn't crash my program. So what any character entered in the textbox is not a problem now?

georgev
Posting Yak Master

122 Posts
Posted - 2008-02-15 : 08:29:43
Are you sure of that statement?
Post the code that you think was successful.

the reason single quotes are a "problem" for transact SQL is because they are used to define literal text.
The most common way to handle these is to replace them with double quotes.
[CODE]
DECLARE @x table (txt char(15))
INSERT INTO @x(txt)
VALUES('Richard''s Dog')
[/CODE]

George
<3Engaged!
Go to Top of Page

jsmith8858
Dr. Cross Join

7423 Posts
Posted - 2008-02-15 : 10:06:50
Single quotes or any character should NEVER be a problem for SQL Server, or any database, any version, if you simply write your code correctly and use parameters.

I highly recommend that you read this:

http://weblogs.sqlteam.com/jeffs/archive/2006/07/21/10728.aspx

and read up on SQL Injection.



- Jeff
http://weblogs.sqlteam.com/JeffS
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site