Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.databases.ms-sqlserver > #1228

Re: Escape Characters in Strings

Show key headers only | View raw

On Wed, 22 Aug 2012 21:14:55 +0200, Erland Sommarskog
<esquel@sommarskog.se> wrote:

>Gene Wirchenko (genew@ocis.net) writes:
>>      My question was really whether there are any other escape
>> characters?  Are there?
>
>No.

     That is good to know.  It has been hard to find such an answer
since my question is about a negative.  Thank you very much.

>>      No.  I will be passing parameters, but I need to be sure that
>> they are properly delimited and escaped.  For example, if I do not
>> escape quotes, it may allow trouble.
> 
>As long as you don't build SQL strings from input data, there is no trouble. 

     I will be building only statements that execute stored
procedures.  e.g.
           execute ExampleProc 'abc',1,2,3
or
           execute ExampleProc theString='abc',foo=1,bar=2,baz=3
Does that count?

     I will not be building any other type of statement.  No selects,
no inserts, no updates, etc.

>No need to delimit, no need to escape. Again from a strict SQL perspective. 
>There may be business rules requiring you to deal with certain characters. 
>But given that the apostrophe is an essential character in English 
>ortography, I don't think that the single quote is one these characters.

     Eh?  Would that not be exactly why I need to concern myself with
it?

     I had an computing instructor with the family name "O'Neil".  He
had words about companies that messed up orders as a result of his
name.  It was quite appropriate in an algorithms and data structures
course.  Sadly, I have seen many HTML books that show how to build
forms really easily and totally skip this gotcha.

Sincerely,

Gene Wirchenko

Back to comp.databases.ms-sqlserver | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread

Thread

Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-21 15:39 -0700
  Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 07:33 +0000
    Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 09:10 -0700
      Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 21:14 +0200
        Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 13:53 -0700
          Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-22 23:35 +0200
            Re: Escape Characters in Strings Gene Wirchenko <genew@ocis.net> - 2012-08-22 17:38 -0700
              Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-23 10:22 +0000
          Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-23 07:05 -0400
            Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-23 23:13 +0200
              Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-23 18:22 -0400
                Re: Escape Characters in Strings Erland Sommarskog <esquel@sommarskog.se> - 2012-08-24 07:40 +0000
                Re: Escape Characters in Strings "Bob Barrows" <reb01501@NOSPAMyahoo.com> - 2012-08-24 06:16 -0400

csiph-web