
Handling ';-* characters in SQL INSERT statement - ASP Database


  1. #1

    Handling ';-* characters in SQL INSERT statement

    Hi
    I have a form where the content of a TEXTAREA is one of the values posted
    to an .asp page which inserts the values into a SQL database.
    For years I've had several converting routines to deal with "programming"
    characters such as ;*'- which make the SQL statement fail.

    Is there a "smooth" way to avoid this problem through converting the TEXTAREA
    value into e.g. binary data, or other customized procedures which will wrap
    up the text string and avoid it bugging my script? Should I make a
    stored procedure on my SQL server instead of running the SQL statement
    through .asp code?

    Regards
    Mr. Smith


    Mr. Guest

  2. #2

    Re: Handling ';-* characters in SQL INSERT statement

    Mr. Smith wrote: 

    The only one of those characters that should cause problems in a sql
    statement is the apostrophe. Why are the other characters of concern to you?
    Assuming you are properly delimiting any strings you concatenate into your
    sql, none of these characters should cause any problems whatsoever. The only
    exception is the apostrophe, which needs to be doubled if single quotes are
    used to delimit strings in your statement.

    Having said that, all issues with dual-meaning characters (such as the
    apostrophe) can be avoided by the use of parameters, whether used in dynamic
    sql statements, or passed to stored procedures (my preferred method). Here
    are some more of my comments on this matter (some of the posts apply to
    Access):

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl

    http://tinyurl.com/jyy0

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O31NZa%230DHA.3436%40tk2msftngp13.phx.gbl&rnum=11&prev=/groups%3Fq%3Ddelimiter%2Bauthor:Bob%2Bauthor:Barrows%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D10%26sa%3DN

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"

    Bob Guest
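
The parameter approach recommended in the reply above, sketched for classic ASP with ADO. This is an added example, not code from the thread; the table `Comments`, its column `Body`, the form field `body` and the `Application("ConnString")` connection string are assumptions.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128

Dim body, conn, cmd, size
body = CStr(Request.Form("body"))     ' hypothetical TEXTAREA field name

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed: connection string stored in Application scope

' Concatenated form, shown for comparison only (commented out).
' The text becomes part of the statement, so every apostrophe must be doubled
' and one forgotten Replace call lets the input change the SQL that runs:
'   conn.Execute "INSERT INTO Comments (Body) VALUES ('" & _
'                Replace(body, "'", "''") & "')", , adCmdText Or adExecuteNoRecords

' Parameterized form: the statement text is constant and the TEXTAREA content
' travels as data, so ' ; * - need no conversion routine at all.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Comments (Body) VALUES (?)"

' ADO rejects a zero-size variable-length parameter, so use at least 1.
size = Len(body)
If size = 0 Then size = 1
cmd.Parameters.Append cmd.CreateParameter("Body", adLongVarWChar, adParamInput, size, body)

cmd.Execute , , adExecuteNoRecords

Set cmd = Nothing
conn.Close
Set conn = Nothing
%>
```

The same `Command` and `Parameters` objects are used to call a stored procedure; only `CommandType` and `CommandText` change.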

  3. #3

    Re: Handling ';-* characters in SQL INSERT statement

    Bob Barrows [MVP] wrote: 
    >
    > The only one of those characters that should cause problems in a sql
    > statement is the apostrophe. Why are the other characters of concern
    > to you?
    > Assuming you are properly delimiting any strings you concatenate into
    > your sql, none of these characters should cause any problems whatsoever.
    > The only exception is the apostrophe, which needs to be doubled if single
    > quotes are used to delimit strings in your statement.
    >
    > Having said that, all issues with dual-meaning characters (such as the
    > apostrophe) can be avoided by the use of parameters, whether used in
    > dynamic sql statements, or passed to stored procedures (my preferred
    > method). Here are some more of my comments on this matter (some of the
    > posts apply to Access):
    >

    Aargh! What happened to my line breaks?!?

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl

    http://tinyurl.com/jyy0

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O31NZa%230DHA.3436%40tk2msftngp13.phx.gbl&rnum=11&prev=/groups%3Fq%3Ddelimiter%2Bauthor:Bob%2Bauthor:Barrows%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D10%26sa%3DN

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.


    Bob Guest
