Mr. Smith wrote:
The only one of those characters that should cause problems in a sql
statement is the apostrophe. Why are the other characters of concern to you?
Assuming you are properly delimiting any strings you concatenate into your
sql, none of these characters should cause any problems whatsoever. The only
exception is the apostrophe, which needs to be doubled if single quotes are
used to delimit strings in your statement.
Having said that, all issues with dual-meaning characters (such as the
apostrophe) can be avoided by the use of parameters, whether used in dynamic
sql statements, or passed to stored procedures (my preferred method). here
are some more of my comments on this matter (some of the posts apply to
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gblhttp ://tinyurl.com/jyy0http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O31NZa%230DHA.3436%40tk2msftngp13.phx.gb l&rnum=11&prev=/groups%3Fq%3Ddelimiter%2Bauthor:Bob%2Bauthor:Barro ws%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D10%26sa%3DNBob Barrows--Microsoft MVP - ASP/ASP.NETPlease reply to the newsgroup. This email account is my spam trap so Idon't check it very often. If you must reply off-line, then remove the"NO SPAM"