August 22, 2005 at 10:35 am
Hi
I have a problem in inputing single code(') string into the SQL database. I wrote in ASP language and connect to the SQL server to insert the data.
If the data contains single code string (e.g women's group)the syntax error appears and it stops.
I tried to change the double code(")instead of single one to insert the data and then, it also has error "does not permit column name ...." or something like that.
How can i solve the problem to input the data that contains single code(')?
Any help appreciated. Thanks.
August 22, 2005 at 11:20 am
Insert into table (name) values (women''s group) will work. But you are better off using stored procs to do this work.
Check out the sql injection section of this article :
August 23, 2005 at 8:44 am
Can't you change it to the ansi charachter that it represents?
Like Chr(143) or similar?
August 23, 2005 at 9:00 am
Doubling it is simpler... just an easy s/r.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply