Does any one know if there're certain character(s) that
cannot be stored in the DB which is similar to Windows
cannot have " or * etc.?
Thanks
OwenNot really. But the character repertoire is based on the collation selected for the
column/database/server.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> Does any one know if there're certain character(s) that
> cannot be stored in the DB which is similar to Windows
> cannot have " or * etc.?
> Thanks
> Owen|||Thanks for your reply Tibor.
I am in a situation where the company that is hosting my
web site has told me that I cannot enter characters ' and
+ in the column as it will cause problem, I can enter "
however. What can you suggest that I tell them as I do
need to input those characters.
Thanks
Owen
>Not really. But the character repertoire is based on the
collation selected for the
>column/database/server.
>--
>Tibor Karaszi, SQL Server MVP
>http://www.karaszi.com/sqlserver/default.asp
>http://www.solidqualitylearning.com/
>
>"Owen" <owen_lin@.hotmail.com> wrote in message
news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
>> Does any one know if there're certain character(s) that
>> cannot be stored in the DB which is similar to Windows
>> cannot have " or * etc.?
>> Thanks
>> Owen|||Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
the application you are using?
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> >Not really. But the character repertoire is based on the
> collation selected for the
> >column/database/server.
> >
> >--
> >Tibor Karaszi, SQL Server MVP
> >http://www.karaszi.com/sqlserver/default.asp
> >http://www.solidqualitylearning.com/
> >
> >
> >"Owen" <owen_lin@.hotmail.com> wrote in message
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> >> Does any one know if there're certain character(s) that
> >> cannot be stored in the DB which is similar to Windows
> >> cannot have " or * etc.?
> >>
> >> Thanks
> >>
> >> Owen|||"Owen" <owen_lin@.hotmail.com> wrote in message
news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
My guess is they're trying to trap certain stuff to prevent SQL Injection
attacks.
However, allowing " isn't smart in that case.|||I spoke to the company that is hosting my web site and DB, although I did not
asked them in details as to what sort of problem it might cuase or have
caused in the past, but they did told me that it has been a problem in the
past where their hosting site(s) needing to store ' within SQL and have
encountered some issue.
They have asked me to seek advice on their behalf as to what can/should they
do to overcome such problem.
Many thanks
Owen
"Tibor Karaszi" wrote:
> Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
> the application you are using?
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> > Thanks for your reply Tibor.
> >
> > I am in a situation where the company that is hosting my
> > web site has told me that I cannot enter characters ' and
> > + in the column as it will cause problem, I can enter "
> > however. What can you suggest that I tell them as I do
> > need to input those characters.
> >
> > Thanks
> >
> > Owen
> >
> > >Not really. But the character repertoire is based on the
> > collation selected for the
> > >column/database/server.
> > >
> > >--
> > >Tibor Karaszi, SQL Server MVP
> > >http://www.karaszi.com/sqlserver/default.asp
> > >http://www.solidqualitylearning.com/
> > >
> > >
> > >"Owen" <owen_lin@.hotmail.com> wrote in message
> > news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> > >> Does any one know if there're certain character(s) that
> > >> cannot be stored in the DB which is similar to Windows
> > >> cannot have " or * etc.?
> > >>
> > >> Thanks
> > >>
> > >> Owen
>
>|||Thanks for your reply Greg.
May I ask what sort of issue(s) might occur by allowing the use of " ?
Owen
"Greg D. Moore (Strider)" wrote:
> "Owen" <owen_lin@.hotmail.com> wrote in message
> news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> > Thanks for your reply Tibor.
> >
> > I am in a situation where the company that is hosting my
> > web site has told me that I cannot enter characters ' and
> > + in the column as it will cause problem, I can enter "
> > however. What can you suggest that I tell them as I do
> > need to input those characters.
> My guess is they're trying to trap certain stuff to prevent SQL Injection
> attacks.
> However, allowing " isn't smart in that case.
>
>|||Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
does it make any different in this case?
"Owen" wrote:
> Thanks for your reply Tibor.
> I am in a situation where the company that is hosting my
> web site has told me that I cannot enter characters ' and
> + in the column as it will cause problem, I can enter "
> however. What can you suggest that I tell them as I do
> need to input those characters.
> Thanks
> Owen
> >Not really. But the character repertoire is based on the
> collation selected for the
> >column/database/server.
> >
> >--
> >Tibor Karaszi, SQL Server MVP
> >http://www.karaszi.com/sqlserver/default.asp
> >http://www.solidqualitylearning.com/
> >
> >
> >"Owen" <owen_lin@.hotmail.com> wrote in message
> news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> >> Does any one know if there're certain character(s) that
> >> cannot be stored in the DB which is similar to Windows
> >> cannot have " or * etc.?
> >>
> >> Thanks
> >>
> >> Owen
>|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:67D98731-28FA-4E60-8A36-6E0A116F9E91@.microsoft.com...
> I spoke to the company that is hosting my web site and DB, although I did
not
> asked them in details as to what sort of problem it might cuase or have
> caused in the past, but they did told me that it has been a problem in the
> past where their hosting site(s) needing to store ' within SQL and have
> encountered some issue.
>
The general way of handling this is use '' (two single quotes).
ie. select * from names where lastname='O''brien'
It's not clear to me what they're doing, blocking ' entirely?
> They have asked me to seek advice on their behalf as to what can/should
they
> do to overcome such problem.
> Many thanks
> Owen|||"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:DB0511AF-7798-4821-A269-52F5FEFB3236@.microsoft.com...
> Oh yes, I forgot to mention the SQL Server is Traditional Chinese version,
> does it make any different in this case?
>
Depending on how their server is setup, it's possible to treat " like '
which then of course leads to SQL Injection attacks.|||> They have asked me to seek advice on their behalf as to what can/should they
> do to overcome such problem.
"I have an application that uses SQL Server, and my application has a lot of bugs in it. I.e.,
there's a problem in SQL server, is there a fix for it?"
I'm not sure I can put it simpler than above. :-)
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:67D98731-28FA-4E60-8A36-6E0A116F9E91@.microsoft.com...
> I spoke to the company that is hosting my web site and DB, although I did not
> asked them in details as to what sort of problem it might cuase or have
> caused in the past, but they did told me that it has been a problem in the
> past where their hosting site(s) needing to store ' within SQL and have
> encountered some issue.
> They have asked me to seek advice on their behalf as to what can/should they
> do to overcome such problem.
> Many thanks
> Owen
> "Tibor Karaszi" wrote:
> > Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who
wrote
> > the application you are using?
> >
> > --
> > Tibor Karaszi, SQL Server MVP
> > http://www.karaszi.com/sqlserver/default.asp
> > http://www.solidqualitylearning.com/
> >
> >
> > "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> > > Thanks for your reply Tibor.
> > >
> > > I am in a situation where the company that is hosting my
> > > web site has told me that I cannot enter characters ' and
> > > + in the column as it will cause problem, I can enter "
> > > however. What can you suggest that I tell them as I do
> > > need to input those characters.
> > >
> > > Thanks
> > >
> > > Owen
> > >
> > > >Not really. But the character repertoire is based on the
> > > collation selected for the
> > > >column/database/server.
> > > >
> > > >--
> > > >Tibor Karaszi, SQL Server MVP
> > > >http://www.karaszi.com/sqlserver/default.asp
> > > >http://www.solidqualitylearning.com/
> > > >
> > > >
> > > >"Owen" <owen_lin@.hotmail.com> wrote in message
> > > news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> > > >> Does any one know if there're certain character(s) that
> > > >> cannot be stored in the DB which is similar to Windows
> > > >> cannot have " or * etc.?
> > > >>
> > > >> Thanks
> > > >>
> > > >> Owen
> >
> >
> >|||They have overcome the problem within the ASP coding by using "relapce".
The issue came about as we have an admin section for our company's web site,
this is an interface where we can update the info on the site, but apparently
when a single quotation mark (') is written to the SQL via the ASP it would
cause some problem. So someone have suggested the use of "relapce" to write
two single quotation mark where one is entered, and would display it as one
single quotation mark when two singles '' is detected.
This seem to do the trick nevertheless, not sure what your thoughts are on
this?
"Owen" wrote:
> I spoke to the company that is hosting my web site and DB, although I did not
> asked them in details as to what sort of problem it might cuase or have
> caused in the past, but they did told me that it has been a problem in the
> past where their hosting site(s) needing to store ' within SQL and have
> encountered some issue.
> They have asked me to seek advice on their behalf as to what can/should they
> do to overcome such problem.
> Many thanks
> Owen
> "Tibor Karaszi" wrote:
> > Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who wrote
> > the application you are using?
> >
> > --
> > Tibor Karaszi, SQL Server MVP
> > http://www.karaszi.com/sqlserver/default.asp
> > http://www.solidqualitylearning.com/
> >
> >
> > "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
> > > Thanks for your reply Tibor.
> > >
> > > I am in a situation where the company that is hosting my
> > > web site has told me that I cannot enter characters ' and
> > > + in the column as it will cause problem, I can enter "
> > > however. What can you suggest that I tell them as I do
> > > need to input those characters.
> > >
> > > Thanks
> > >
> > > Owen
> > >
> > > >Not really. But the character repertoire is based on the
> > > collation selected for the
> > > >column/database/server.
> > > >
> > > >--
> > > >Tibor Karaszi, SQL Server MVP
> > > >http://www.karaszi.com/sqlserver/default.asp
> > > >http://www.solidqualitylearning.com/
> > > >
> > > >
> > > >"Owen" <owen_lin@.hotmail.com> wrote in message
> > > news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
> > > >> Does any one know if there're certain character(s) that
> > > >> cannot be stored in the DB which is similar to Windows
> > > >> cannot have " or * etc.?
> > > >>
> > > >> Thanks
> > > >>
> > > >> Owen
> >
> >
> >|||> So someone have suggested the use of "relapce" to write
> two single quotation mark where one is entered, and would display it as one
> single quotation mark when two singles '' is detected.
> This seem to do the trick nevertheless, not sure what your thoughts are on
> this?
The correct way to input a single quote in the SQL language is indeed to escape it with a preceding
single quote (which makes it two single quotes).
Consider using command objects and parameter object in your app, this way your database programming
interface (ADO etc) will do this for you.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Owen" <Owen@.discussions.microsoft.com> wrote in message
news:7E044AE8-4459-427F-9923-DEE984ABD117@.microsoft.com...
> They have overcome the problem within the ASP coding by using "relapce".
> The issue came about as we have an admin section for our company's web site,
> this is an interface where we can update the info on the site, but apparently
> when a single quotation mark (') is written to the SQL via the ASP it would
> cause some problem. So someone have suggested the use of "relapce" to write
> two single quotation mark where one is entered, and would display it as one
> single quotation mark when two singles '' is detected.
> This seem to do the trick nevertheless, not sure what your thoughts are on
> this?
>
> "Owen" wrote:
>> I spoke to the company that is hosting my web site and DB, although I did not
>> asked them in details as to what sort of problem it might cuase or have
>> caused in the past, but they did told me that it has been a problem in the
>> past where their hosting site(s) needing to store ' within SQL and have
>> encountered some issue.
>> They have asked me to seek advice on their behalf as to what can/should they
>> do to overcome such problem.
>> Many thanks
>> Owen
>> "Tibor Karaszi" wrote:
>> > Ask them what they mean by "it will cause problem". SQL Server can certainly handle this. Who
>> > wrote
>> > the application you are using?
>> >
>> > --
>> > Tibor Karaszi, SQL Server MVP
>> > http://www.karaszi.com/sqlserver/default.asp
>> > http://www.solidqualitylearning.com/
>> >
>> >
>> > "Owen" <owen_lin@.hotmail.com> wrote in message news:35f801c4a601$fd6b9200$a501280a@.phx.gbl...
>> > > Thanks for your reply Tibor.
>> > >
>> > > I am in a situation where the company that is hosting my
>> > > web site has told me that I cannot enter characters ' and
>> > > + in the column as it will cause problem, I can enter "
>> > > however. What can you suggest that I tell them as I do
>> > > need to input those characters.
>> > >
>> > > Thanks
>> > >
>> > > Owen
>> > >
>> > > >Not really. But the character repertoire is based on the
>> > > collation selected for the
>> > > >column/database/server.
>> > > >
>> > > >--
>> > > >Tibor Karaszi, SQL Server MVP
>> > > >http://www.karaszi.com/sqlserver/default.asp
>> > > >http://www.solidqualitylearning.com/
>> > > >
>> > > >
>> > > >"Owen" <owen_lin@.hotmail.com> wrote in message
>> > > news:12f901c4a5f1$04a6acf0$a601280a@.phx.gbl...
>> > > >> Does any one know if there're certain character(s) that
>> > > >> cannot be stored in the DB which is similar to Windows
>> > > >> cannot have " or * etc.?
>> > > >>
>> > > >> Thanks
>> > > >>
>> > > >> Owen
>> >
>> >
>> >
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment