Does any one know if there're certain character(s) that
cannot be stored in the DB which is similar to Windows
cannot have " or * etc.?
Thanks
Owen
Not really. But the character repertoire is based on the collation selected for the
column/database/server.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> Does any one know if there're certain character(s) that
> cannot be stored in the DB which is similar to Windows
> cannot have " or * etc.?
> Thanks
> Owen
|||Thanks for your reply Tibor.
I am in a situation where the company that is hosting my
web site has told me that I cannot enter characters ' and
+ in the column as it will cause problem, I can enter "
however. What can you suggest that I tell them as I do
need to input those characters.
Thanks
Owen
>Not really. But the character repertoire is based on the
collation selected for the
>column/database/server.
>--
>Tibor Karaszi, SQL Server MVP
>http://www.karaszi.com/sqlserver/default.asp
>http://www.solidqualitylearning.com/
>
>"Owen" <owen_lin@.hotmail.com> wrote in message
news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...[vbcol=seagreen]
|||Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
the application you are using?
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...[vbcol=seagreen]
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> collation selected for the
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
|||"Owen" <owen_lin@.hotmail.com> wrote in message
news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
My guess is they're trying to trap certain stuff to prevent SQL Injection
attacks.
However, allowing " isn't smart in that case.
|||I spoke to the company that is hosting my web site and DB, although I did not
asked them in details as to what sort of problem it might cuase or have
caused in the past, but they did told me that it has been a problem in the
past where their hosting site(s) needing to store ' within SQL and have
encountered some issue.
They have asked me to seek advice on their behalf as to what can/should they
do to overcome such problem.
Many thanks
Owen
"Tibor Karaszi" wrote:
> Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
> the application you are using?
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
>
>
|||Thanks for your reply Greg.
May I ask what sort of issue(s) might occur by allowing the use of " ?
Owen
"Greg D. Moore (Strider)" wrote:
> "Owen" <owen_lin@.hotmail.com> wrote in message
> news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> My guess is they're trying to trap certain stuff to prevent SQL Injection
> attacks.
> However, allowing " isn't smart in that case.
>
>
|||Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
does it make any different in this case?
"Owen" wrote:
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> collation selected for the
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
>
|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:67D98731-28FA-4E60-8A36-6E0A116F9E91@.microsoft.com...
> I spoke to the company that is hosting my web site and DB, although I did
not
> asked them in details as to what sort of problem it might cuase or have
> caused in the past, but they did told me that it has been a problem in the
> past where their hosting site(s) needing to store ' within SQL and have
> encountered some issue.
>
The general way of handling this is use '' (two single quotes).
ie. select * from names where lastname='O''brien'
It's not clear to me what they're doing, blocking ' entirely?
> They have asked me to seek advice on their behalf as to what can/should
they
> do to overcome such problem.
> Many thanks
> Owen
|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:DB0511AF-7798-4821-A269-52F5FEFB3236@.microsoft.com...
> Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
> does it make any different in this case?
>
Depending on how their server is setup, it's possible to treat " like '
which then of course leads to SQL Injection attacks.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment