[ic] "==" and "!=" as DB field values

Marc Brevoort marc.brevoort at armazemdedados.com
Mon Oct 27 18:19:44 EST 2003


Grant wrote:

> I'm using the default DB, and I want to have a field in a table with either
> "==" or "!=" (without the quotes) written to it.  It would be involved in
> 
> I remember reading to be careful about what you write to a database field,
> so I'm making sure.

Ah, I see. Make sure the database field is a varchar (text type) field, 
and things should be OK.

Most problems with content of the field would mostly occur with control 
characters (ASCII less than 32) and characters that need escaping in SQL 
strings.

Behaviour for control characters within a string is undefined (what does 
SQL do if there is a carriage return or newline in a string before the 
string is terminated?).

In SQL statements, strings are enclosed between apostrophes ('), so if 
your strings contain apostrophes and you want to send them to an SQL 
field, you need to escape them by doubling them, otherwise the first 
apostrophe in your string will be considered to be the string terminator. In 
the best case this would cause incorrect SQL syntax; in the worst case, 
an improperly escaped apostrophe can compromise the security of your 
application.

Regards,
Marc Brevoort
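
The quoting behaviour described in the reply above, as an added example that is not part of the original message and does not use Interchange's own DB layer. It uses Python's sqlite3 with an in-memory table; the table `rules`, the column `op`, the helper names and the sample values are assumptions made for illustration, and it goes one step beyond the reply by also showing bound parameters, which avoid hand-escaping altogether.

```python
import sqlite3

# Constructed sample values: the two operators from the question, a string
# with an apostrophe, and a string with a newline (a control character).
SAMPLES = ["==", "!=", "isn't equal", "line one\nline two"]


def sql_quote(value: str) -> str:
    """Build an SQL string literal, doubling embedded apostrophes."""
    return "'" + value.replace("'", "''") + "'"


def naive_insert(conn, value):
    """Paste the raw value between apostrophes; return the error text, or None."""
    try:
        conn.execute("INSERT INTO rules (op) VALUES ('" + value + "')")
        return None
    except sqlite3.Error as exc:
        return str(exc)


def run_demo():
    """For each sample, return (naive_error, [value via doubling, value via binding])."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rules (id INTEGER PRIMARY KEY, op TEXT)")
    results = {}
    for value in SAMPLES:
        naive_error = naive_insert(conn, value)
        conn.execute("DELETE FROM rules")
        # Hand-escaped literal: apostrophes doubled, as the reply describes.
        conn.execute("INSERT INTO rules (op) VALUES (" + sql_quote(value) + ")")
        # Bound parameter: the driver passes the value separately from the SQL.
        conn.execute("INSERT INTO rules (op) VALUES (?)", (value,))
        stored = [row[0] for row in conn.execute("SELECT op FROM rules ORDER BY id")]
        conn.execute("DELETE FROM rules")
        results[value] = (naive_error, stored)
    conn.close()
    return results


if __name__ == "__main__":
    for value, (error, stored) in run_demo().items():
        print(repr(value), "| naive error:", error, "| stored:", stored)
```

"==" and "!=" need no escaping at all; only the apostrophe sample breaks the unescaped statement, and SQLite happens to accept a newline inside a literal, which other databases may not.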


