[ic] "==" and "!=" as DB field values

Grant listbox at email.com
Mon Oct 27 10:55:38 EST 2003


> Grant wrote:
> 
> > I'm using the default DB, and I want to have a field in a table with either
> > "==" or "!=" (without the quotes) written to it.  It would be involved in
> > 
> > I remember reading to be careful about what you write to a database field,
> > so I'm making sure.
> 
> Ah, I see. Make sure the database field is a varchar (text type) field, 
> and things should be OK.
> 
> Most problems with content of the field would mostly occur with control 
> characters (ASCII less than 32) and characters that need escaping in SQL 
> strings.
> 
> Behaviour for control characters within a string is undefined (what does 
> SQL do if there is a carriage return or newline in a string before the 
> string is terminated?).
> 
> In SQL statements, strings are enclosed between apostrophes ('), so if 
> your strings contain apostrophes and you want to send them to an SQL 
> field, you need to escape them by doubling them, otherwise the first 
> apostrophe in your string will be considered to be string terminator. In 
> the best case this would cause incorrect SQL syntax; in the worst case, 
> an improperly escaped apostrophe can compromise the security of your 
> application.
> 
> Regards,
> Marc Brevoort

That's good info.  Thanks Marc.

- Grant
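
The apostrophe-doubling rule from the reply above, as an added example that is not part of the original thread. It uses an in-memory SQLite database as a stand-in for the Interchange default DB; the table `rules`, the column `op` and the sample values are constructed for illustration. It goes one step beyond the reply by also storing each value through a bound parameter, which sidesteps quoting altogether.

```python
import sqlite3

# Constructed sample values: the two operators from the question, a string
# containing an apostrophe, and one containing a control character (newline).
SAMPLES = ["==", "!=", "it's != that", "line1\nline2"]


def quote_sql_string(value: str) -> str:
    """Build a '...' SQL string literal, doubling embedded apostrophes."""
    return "'" + value.replace("'", "''") + "'"


def store_and_read(values):
    """Store each value twice (escaped literal, then bound parameter) and read all rows back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rules (id INTEGER PRIMARY KEY, op VARCHAR(64))")
    for v in values:
        # Literal built by hand: only safe because apostrophes are doubled.
        conn.execute("INSERT INTO rules (op) VALUES (" + quote_sql_string(v) + ")")
        # Bound parameter: the driver passes the value separately from the SQL text.
        conn.execute("INSERT INTO rules (op) VALUES (?)", (v,))
    rows = [r[0] for r in conn.execute("SELECT op FROM rules ORDER BY id")]
    conn.close()
    return rows


def unescaped_insert_fails(value: str) -> bool:
    """Return True if pasting the raw value between apostrophes breaks the statement."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rules (op VARCHAR(64))")
    try:
        conn.execute("INSERT INTO rules (op) VALUES ('" + value + "')")
        return False
    except sqlite3.OperationalError:
        # The first apostrophe in the value ended the string early.
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    for row in store_and_read(SAMPLES):
        print(repr(row))
    print("raw \"it's != that\" fails:", unescaped_insert_fails("it's != that"))
```

"==" and "!=" need no escaping at all in a varchar column; only the value with the apostrophe behaves differently between the raw and escaped forms.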

