[ic] "==" and "!=" as DB field values
Marc Brevoort
marc.brevoort at armazemdedados.com
Mon Oct 27 18:19:44 EST 2003
Grant wrote:
> I'm using the default DB, and I want to have a field in a table with either
> "==" or "!=" (without the quotes) written to it. It would be involved in
>
> I remember reading to be careful about what you write to a database field,
> so I'm making sure.
Ah, I see. Make sure the database field is a varchar (text type) field,
and things should be OK.
Most problems with content of the field would mostly occur with control
characters (ASCII less than 32) and characters that need escaping in SQL
strings.
Behaviour for control characters within a string is undefined (what does
SQL do if there is a carriage return or newline in a string before the
string is terminated?).
In SQL statements, strings are enclosed between apostrophes ('), so if
your strings contain apostrophes and you want to send them to an SQL
field, you need to escape them by doubling them, otherwise the first
apostrophe in your string will be considered to be string terminator. In
the best case this would cause incorrect SQL syntax; in the worst case,
an improperly escaped apostrophe can compromise the security of your
application.
Regards,
Marc Brevoort
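
The doubling rule described in the message above, as an added example that is not part of the original post and not Interchange code: Python with an in-memory SQLite database stores "==", "!=" and a value containing an apostrophe, once as a hand-quoted literal and once through placeholder binding. The table name `rules`, the column `op`, the helper names and the choice to reject control characters outright are assumptions made for this example.

```python
import sqlite3

def quote_sql_literal(value: str) -> str:
    """Return value as an SQL string literal with apostrophes doubled."""
    if any(ord(ch) < 32 for ch in value):
        # Assumption of this example: refuse control characters (ASCII < 32)
        # rather than rely on behaviour the message calls undefined.
        raise ValueError("control character in value")
    return "'" + value.replace("'", "''") + "'"

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Hypothetical table with a text-type field, as the message advises.
    conn.execute("CREATE TABLE rules (id INTEGER PRIMARY KEY, op TEXT)")
    return conn

def store_naive(conn, value):
    # No escaping: an apostrophe inside value terminates the literal early.
    conn.execute("INSERT INTO rules (op) VALUES ('" + value + "')")

def store_quoted(conn, value):
    # Literal built by hand, apostrophes doubled first.
    conn.execute("INSERT INTO rules (op) VALUES (" + quote_sql_literal(value) + ")")

def store_bound(conn, value):
    # Placeholder binding: the value never becomes part of the SQL text.
    conn.execute("INSERT INTO rules (op) VALUES (?)", (value,))

def stored_values(conn):
    return [row[0] for row in conn.execute("SELECT op FROM rules ORDER BY id")]

def demo():
    conn = make_db()
    for value in ["==", "!=", "it's"]:  # constructed sample values
        store_quoted(conn, value)
        store_bound(conn, value)
    try:
        store_naive(conn, "it's")
        naive_error = None
    except sqlite3.OperationalError as exc:
        naive_error = str(exc)  # the statement no longer parses
    return stored_values(conn), naive_error

if __name__ == "__main__":
    values, error = demo()
    print(values)
    print("naive insert failed:", error)
```

Both the quoted and the bound inserts return every value unchanged, while the unescaped insert of the apostrophe value is rejected as invalid SQL.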