apostrophe in sql
-
Hi Guys, I have a problem while inserting data containing ' into my MS SQL database through a web form. I have formatted the string using stringvariablename.Replace("'","''"). This is working in the local system, but not in the website (ASP.NET 2.0, C#). And I want to know if there are any other special characters which could raise an exception while inserting. If anyone has a solution for this, kindly reply. Thanks Jith
-
If you are using this in a web application, use the HtmlEncode and HtmlDecode methods. HtmlEncode when inserting or updating data and HtmlDecode when retrieving data.
"A good programmer is someone who looks both ways before crossing a one-way street." -- Doug Linder
coolestCoder
-
jithbiz0033 wrote:
I have formatted the string using stringvariablename.Replace("'","''").
You might want to read SQL Injection Attacks and tips on how to prevent them and then start using parameterised queries.
Upcoming events: * Edinburgh: Web Security Conference Day for Windows Developers (12th April) * Glasgow: Introduction to AJAX (2nd May), SQL Server, Mock Objects My website
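The parameterised-query approach recommended above, written for the ASP.NET 2.0 / C# setup in the question, as an added example that is not part of any post in this thread. The table dbo.Comments, its columns and sizes, and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CommentStore   // hypothetical helper class
{
    // The approach from the question: escape quotes by hand and concatenate.
    // The input is still parsed as part of the SQL text, so correctness
    // depends on the escaping matching the server's parsing rules exactly.
    public static string BuildEscapedSql(string author, string body)
    {
        return "INSERT INTO dbo.Comments (Author, Body) VALUES ('"
            + author.Replace("'", "''") + "', '"
            + body.Replace("'", "''") + "')";
    }

    // Parameterised form: the SQL text is constant and the values travel
    // separately as typed parameters, so ' and every other character is
    // stored as data with no escaping step.
    public static int InsertComment(string connectionString, string author, string body)
    {
        const string sql =
            "INSERT INTO dbo.Comments (Author, Body) VALUES (@Author, @Body)";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size (assumed column definitions) avoid
            // implicit conversions; -1 means NVARCHAR(MAX).
            cmd.Parameters.Add("@Author", SqlDbType.NVarChar, 100).Value = ToDb(author);
            cmd.Parameters.Add("@Body", SqlDbType.NVarChar, -1).Value = ToDb(body);

            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    // A null .Value makes ADO.NET omit the parameter; send DBNull instead.
    private static object ToDb(string value)
    {
        return value == null ? (object)DBNull.Value : value;
    }
}
```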
-
Hi Colin, nice article. It has cleared my future doubts in advance. Thanks, Jith