I have a web page where users insert some comments into a text area. users
are able to insert any character into this area. When they submit the
character ' and " causes problems. How can i allow these characters to be
inserted into the database( sql server 2000)?
I am using Java server page to process and insert the comments to the
database.
thanksHi,
Not quite sure what you are trying exactly. Just try using NVARCHAR data
type and see if it helps.
Thanks
Hari
SQL Server MVP
"panda" <panda@.discussions.microsoft.com> wrote in message
news:CF0A3B21-D97F-44C6-800B-88B3B54E501C@.microsoft.com...
> Hi
> I have a web page where users insert some comments into a text area. users
> are able to insert any character into this area. When they submit the
> character ' and " causes problems. How can i allow these characters to be
> inserted into the database( sql server 2000)?
> I am using Java server page to process and insert the comments to the
> database.
> thanks|||This would be less of a problem if you were using stored procedures. Since
you are probably sending query strings from the web page to the SQL Server,
you may be very vulnerable to SQL Injection attacks. (Write to me off line
and I will give you more information about your vulnerability.)
For the single quote, if you must store them, have the application double
(two single quotes) them before sending to SQL Server. The double quote
shouldn't be a problem -please confirm how you are experiencing the problem.
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
"panda" <panda@.discussions.microsoft.com> wrote in message
news:CF0A3B21-D97F-44C6-800B-88B3B54E501C@.microsoft.com...
> Hi
> I have a web page where users insert some comments into a text area. users
> are able to insert any character into this area. When they submit the
> character ' and " causes problems. How can i allow these characters to be
> inserted into the database( sql server 2000)?
> I am using Java server page to process and insert the comments to the
> database.
> thanks|||HI,
I am trying to insert a ' charcerter. However the SQL syntax for inserting
nvarchar or strings use the ' character to determine the begining and the
end.
How do i go about inserting a ' character into the database?
"Hari Prasad" wrote:
> Hi,
> Not quite sure what you are trying exactly. Just try using NVARCHAR data
> type and see if it helps.
> Thanks
> Hari
> SQL Server MVP
> "panda" <panda@.discussions.microsoft.com> wrote in message
> news:CF0A3B21-D97F-44C6-800B-88B3B54E501C@.microsoft.com...
> > Hi
> >
> > I have a web page where users insert some comments into a text area. users
> > are able to insert any character into this area. When they submit the
> > character ' and " causes problems. How can i allow these characters to be
> > inserted into the database( sql server 2000)?
> >
> > I am using Java server page to process and insert the comments to the
> > database.
> >
> > thanks
>
>|||This is a multi-part message in MIME format.
--=_NextPart_000_05F8_01C6C63E.8066A380
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
Use two of them, for example:
CREATE TABLE #MyTable
( RowID int IDENTITY
, MyStringValue varchar(100)
)
INSERT INTO #MyTable VALUES ('"This isn''t so obvious, is it?", said =Bill O''Shea to Terrance O''Donald.')
SELECT MyStringValue FROM #MyTable
DROP TABLE #MyTable
Hope that this helps...
-- Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience. Most experience comes from bad judgment. - Anonymous
"panda" <panda@.discussions.microsoft.com> wrote in message =news:26E49E21-4F45-4F5E-ABD2-BD5E5D8771C4@.microsoft.com...
> HI,
> > I am trying to insert a ' charcerter. However the SQL syntax for =inserting > nvarchar or strings use the ' character to determine the begining and =the > end. > > How do i go about inserting a ' character into the database?
> > "Hari Prasad" wrote:
> >> Hi,
>> >> Not quite sure what you are trying exactly. Just try using NVARCHAR =data >> type and see if it helps.
>> >> Thanks
>> Hari
>> SQL Server MVP
>> >> "panda" <panda@.discussions.microsoft.com> wrote in message >> news:CF0A3B21-D97F-44C6-800B-88B3B54E501C@.microsoft.com...
>> > Hi
>> >
>> > I have a web page where users insert some comments into a text =area. users
>> > are able to insert any character into this area. When they submit =the
>> > character ' and " causes problems. How can i allow these characters =to be
>> > inserted into the database( sql server 2000)?
>> >
>> > I am using Java server page to process and insert the comments to =the
>> > database.
>> >
>> > thanks >> >> --=_NextPart_000_05F8_01C6C63E.8066A380
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
&
Use two of them, for =example:
CREATE TABLE =#MyTable ( =RowID int IDENTITY , MyStringValue varchar(100) )
INSERT INTO #MyTable VALUES ('"This isn''t so obvious, is it?", =said Bill O''Shea to Terrance O''Donald.')
SELECT MyStringValue FROM #MyTable
DROP TABLE #MyTable
Hope that this helps...
-- Arnie Rowland, =Ph.D.Westwood Consulting, Inc
Most good judgment comes from =experience. Most experience comes from bad judgment. - Anonymous
"panda"
--=_NextPart_000_05F8_01C6C63E.8066A380--
No comments:
Post a Comment