I check for single quote (') and handle that, and malicious attempts. But is it ok to have the newline characters in there (\r\n)? They always show up as the ASCII square box, so I was wondering if I need to be stripping them out as well?
What other "normally used" text characters do I also need to watch out for, if any?
Thanks.

I wouldn't think it would matter what you "put into a varchar" as long as when you "pull" the text back out you DISPLAY it in the same manner from where you saved it. That is, if you used a simple text box for a line of entry then it likely won't matter. But if you use a Rich Text Box for input, then you should use a Rich Text Box for output once the data is retrieved from the database, newline characters and all. Even a single quote won't matter as long as your ADO objects are written to allow single quotes without needing to use escape characters or methods (such as double single quotes, or \', or whatever).
Otherwise, don't use a Rich Text Box for input, or use simpler ASCII codes if you are building a string, such as {Carriage Return} {Line Feed} rather than {Newline}.
Hope that helps.
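A worked round trip, added here as an example and not code from the original post or its author: it stores text containing apostrophes and \r\n in a VARCHAR column with a bound parameter, reads it back byte for byte, and normalizes the line endings only at display time. It also shows why escaping is the wrong battle: building the statement by concatenation fails on an ordinary apostrophe and lets a crafted input rewrite a WHERE clause, while a parameterized query treats the same bytes as data. The table name, column size and sample text are constructed for the example; SQLite's in-memory database stands in for whatever ADO is talking to.

```python
import sqlite3

# Constructed sample input: what a user might type into a multi-line text box.
SAMPLE_TEXT = "O'Brien's notes\r\nline two, with 'quotes'\r\nline three"

# Constructed hostile input aimed at a hand-built WHERE clause.
INJECTED_INPUT = "' OR 1=1 --"


def make_db():
    """Hypothetical schema: one VARCHAR column, like the column in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body VARCHAR(4000))")
    return conn


def insert_concatenated(conn, text):
    """The fragile way: splice the text into the SQL string.
    The first apostrophe closes the literal early and SQLite rejects
    the statement. Returns True on success, False if the INSERT failed."""
    sql = "INSERT INTO notes (body) VALUES ('" + text + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.OperationalError:
        conn.rollback()
        return False


def insert_parameterized(conn, text):
    """The robust way: bind the text as a parameter. Quotes, CR/LF and
    any other character reach the column verbatim; nothing is escaped."""
    cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    conn.commit()
    return cur.lastrowid


def fetch_body(conn, row_id):
    row = conn.execute("SELECT body FROM notes WHERE id = ?", (row_id,)).fetchone()
    return row[0] if row else None


def count_matches_concatenated(conn, text):
    """Hand-built WHERE clause: the injected input turns it into
    WHERE body = '' OR 1=1 -- ' and matches every row."""
    sql = "SELECT COUNT(*) FROM notes WHERE body = '" + text + "'"
    return conn.execute(sql).fetchone()[0]


def count_matches_parameterized(conn, text):
    """Bound parameter: the same input is compared as a literal string."""
    return conn.execute("SELECT COUNT(*) FROM notes WHERE body = ?", (text,)).fetchone()[0]


def normalize_newlines(text):
    """Display-time normalization: collapse \\r\\n and bare \\r to \\n so a
    control that only understands LF does not render the CR as a box.
    Do this on output, not before storing, so the stored text is unchanged."""
    return text.replace("\r\n", "\n").replace("\r", "\n")


def demo():
    conn = make_db()
    concatenation_ok = insert_concatenated(conn, SAMPLE_TEXT)
    row_id = insert_parameterized(conn, SAMPLE_TEXT)
    stored = fetch_body(conn, row_id)
    return {
        "concatenation_succeeded": concatenation_ok,
        "round_trip_intact": stored == SAMPLE_TEXT,
        "crlf_count": stored.count("\r\n"),
        "display": normalize_newlines(stored),
        "injected_match_count": count_matches_concatenated(conn, INJECTED_INPUT),
        "parameterized_match_count": count_matches_parameterized(conn, INJECTED_INPUT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The check a practitioner wants is the `round_trip_intact` flag: if what comes back equals what went in, the column is not the problem, and any square boxes are a rendering issue to fix in the output control. The two match counts are the reason to prefer parameters over escaping: one row is enough to show the concatenated query matching everything while the bound query matches nothing.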