Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.databases.ms-sqlserver > #1228
| From | Gene Wirchenko <genew@ocis.net> |
|---|---|
| Newsgroups | comp.databases.ms-sqlserver |
| Subject | Re: Escape Characters in Strings |
| Date | 2012-08-22 13:53 -0700 |
| Organization | A noiseless patient Spider |
| Message-ID | <n5ha38dbi03o3npmc3emukmisrb2qevl53@4ax.com> (permalink) |
| References | <n03838l2qs18qe540g4fe6j3stemkeo5pr@4ax.com> <XnsA0B7614C3AD91Yazorman@127.0.0.1> <2s0a38toaa3n1th1e42kmat8n0ei6v9bah@4ax.com> <XnsA0B7D82775B60Yazorman@127.0.0.1> |
On Wed, 22 Aug 2012 21:14:55 +0200, Erland Sommarskog
<esquel@sommarskog.se> wrote:
>Gene Wirchenko (genew@ocis.net) writes:
>> My question was really whether there are any other escape
>> characters? Are there?
>
>No.
That is good to know. It has been hard to find such an answer
since my question is about a negative. Thank you very much.
>> No. I will be passing parameters, but I need to be sure that
>> they are properly delimited and escaped. For example, if I do not
>> escape quotes, it may allow trouble.
>
>As long as you don't build SQL strings from input data, there is no trouble.
I will be building only statements that execute stored
procedures. e.g.
execute ExampleProc 'abc',1,2,3
or
execute ExampleProc theString='abc',foo=1,bar=2,baz=3
Does that count?
I will not be building any other type of statement. No selects,
no inserts, no updates, etc.
>No need to delimit, no need to escape. Again from a strict SQL perspective.
>There may be business rules requiring you to deal with certain characters.
>But given that the apostrophe is an essential character in English
>ortography, I don't think that the single quote is one these characters.
Eh? Would that not be exactly why I need to concern myself with
it?
I had an computing instructor with the family name "O'Neil". He
had words about companies that messed up orders as a result of his
name. It was quite appropriate in an algorithms and data structures
course. Sadly, I have seen many HTML books that show how to build
forms really easily and totally skip this gotcha.
Sincerely,
Gene Wirchenko
Back to comp.databases.ms-sqlserver | Previous | Next — Previous in thread | Next in thread | Find similar
Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-21 15:39 -0700
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 07:33 +0000
Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 09:10 -0700
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 21:14 +0200
Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 13:53 -0700
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 23:35 +0200
Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 17:38 -0700
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-23 10:22 +0000
Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-23 07:05 -0400
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-23 23:13 +0200
Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-23 18:22 -0400
Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-24 07:40 +0000
Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-24 06:16 -0400
csiph-web