June 29, 2010 at 7:04 am
Our (3rd Party) ERP application does not allow single quotes (apostrophes) in text fields. The relevant issue for us is when customer and vendor names or product descriptions contain the apostrophe, i.e. Charlie's Seaside Restaurant. I'm a bit anal about being professional and if an important customer has an apostrophe in their name I would prefer to include it.
I know from my programming background that a little code to trap and replace ' with '' made the apostrophe acceptable. Way back in the 80's I created a function. Today's SQL and other languages have the REPLACE function.
I don't know what language the app is written in. I know that SQL is used because we get a SQL Error when someone forgets and includes the apostrophe. Is there any reason, other than the vendor not wanting to deal with this issue, that we have to live 'in the dark ages'?
"The Road To Success Is Always Under Construction."
June 29, 2010 at 7:14 am
First, make sure you are not vulnerable to SQL Injection. It sounds very likely you are. Get your supplier to sort that ASAP. To fix that they would have to use parametrized queries. This would also fix your apostrophe problem.
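An added example, not part of either post and not the vendor's code: it contrasts building the statement by string concatenation with a parameterized query for the same customer names. It assumes SQLite through Python's `sqlite3` module as a stand-in, since the thread does not say which language or database the ERP uses; the `customers` table and the sample names are constructed.

```python
import sqlite3

# Constructed sample data; the table and column names are hypothetical.
NAMES = ["Charlie's Seaside Restaurant", "O'Brien & Sons", "Plain Name Ltd"]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def insert_concatenated(conn, name):
    """The pattern that produces the SQL error: text pasted into the statement."""
    sql = "INSERT INTO customers (name) VALUES ('" + name + "')"
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        # The apostrophe ended the string literal early, so the statement no longer parses.
        return False


def insert_parameterized(conn, name):
    """The fix: the statement text is fixed and the value is bound separately."""
    conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))
    return True


def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM customers ORDER BY id")]


def run_demo():
    bad, good = make_db(), make_db()
    concat_results = [insert_concatenated(bad, n) for n in NAMES]
    for n in NAMES:
        insert_parameterized(good, n)
    return concat_results, stored_names(bad), stored_names(good)


if __name__ == "__main__":
    concat_results, bad_rows, good_rows = run_demo()
    for name, ok in zip(NAMES, concat_results):
        print(f"concatenated  {name!r}: {'stored' if ok else 'SQL error'}")
    print("parameterized rows:", good_rows)
```

With a bound parameter the name is never parsed as SQL, so the apostrophe is stored as typed and no REPLACE step is needed.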