Tuesday, February 14, 2012

character(s) that cannot be stored in DB

Does any one know if there're certain character(s) that
cannot be stored in the DB which is similar to Windows
cannot have " or * etc.?
Thanks
Owen
Not really. But the character repertoire is based on the collation selected for the
column/database/server.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> Does any one know if there're certain character(s) that
> cannot be stored in the DB which is similar to Windows
> cannot have " or * etc.?
> Thanks
> Owen
|||Thanks for your reply Tibor.
I am in a situation where the company that is hosting my
web site has told me that I cannot enter characters ' and
+ in the column as it will cause problem, I can enter "
however. What can you suggest that I tell them as I do
need to input those characters.
Thanks
Owen

>Not really. But the character repertoire is based on the
collation selected for the
>column/database/server.
>--
>Tibor Karaszi, SQL Server MVP
>http://www.karaszi.com/sqlserver/default.asp
>http://www.solidqualitylearning.com/
>
>"Owen" <owen_lin@.hotmail.com> wrote in message
news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...[vbcol=seagreen]
|||Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
the application you are using?
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...[vbcol=seagreen]
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> collation selected for the
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
|||"Owen" <owen_lin@.hotmail.com> wrote in message
news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
My guess is they're trying to trap certain stuff to prevent SQL Injection
attacks.
However, allowing " isn't smart in that case.
|||I spoke to the company that is hosting my web site and DB, although I did not
asked them in details as to what sort of problem it might cuase or have
caused in the past, but they did told me that it has been a problem in the
past where their hosting site(s) needing to store ' within SQL and have
encountered some issue.
They have asked me to seek advice on their behalf as to what can/should they
do to overcome such problem.
Many thanks
Owen
"Tibor Karaszi" wrote:

> Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
> the application you are using?
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
>
>
|||Thanks for your reply Greg.
May I ask what sort of issue(s) might occur by allowing the use of " ?
Owen
"Greg D. Moore (Strider)" wrote:

> "Owen" <owen_lin@.hotmail.com> wrote in message
> news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> My guess is they're trying to trap certain stuff to prevent SQL Injection
> attacks.
> However, allowing " isn't smart in that case.
>
>
|||Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
does it make any different in this case?
"Owen" wrote:

> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> collation selected for the
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
>
|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:67D98731-28FA-4E60-8A36-6E0A116F9E91@.microsoft.com...
> I spoke to the company that is hosting my web site and DB, although I did
not
> asked them in details as to what sort of problem it might cuase or have
> caused in the past, but they did told me that it has been a problem in the
> past where their hosting site(s) needing to store ' within SQL and have
> encountered some issue.
>
The general way of handling this is use '' (two single quotes).
ie. select * from names where lastname='O''brien'
It's not clear to me what they're doing, blocking ' entirely?

> They have asked me to seek advice on their behalf as to what can/should
they
> do to overcome such problem.
> Many thanks
> Owen
|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:DB0511AF-7798-4821-A269-52F5FEFB3236@.microsoft.com...
> Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
> does it make any different in this case?
>
Depending on how their server is setup, it's possible to treat " like '
which then of course leads to SQL Injection attacks.

No comments:

Post a Comment