As softhemc shows, that's not a problem for SQL Server, as the string delimiters here are single quotes and not double quotes.
Do you have a problem in .NET? In C# for example single quotes only delimit chars, single chars. To have a double quote in a double quoted string you prefix it with a \ or use a double double quote ""
Besides, this is really only a problem in writing this in source code. If the value comes from a form a string can contain anything, also single quotes, as it's entered into a control and there are no delimiters needed for that. To pass this on you use parameters as you plan and don't have to fear SQL injection. Your query code itself will then need to contain ? or @var. Depends on what client language you use, again.
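The "no delimiters needed" point above, as an added example that is not code from the thread: the same value with a single quote (and one with double quotes) is inserted and queried through parameters, while the concatenated form cannot even parse. Python's built-in sqlite3 module is used because it runs without a SQL Server instance; its ? and :name placeholders play the role of the ? / @var the post mentions. The table and rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows for an in-memory database (assumed schema, not from the thread).
SAMPLE_USERS = [
    ("O'Brien", "dublin"),
    ('Quote "Tester"', "cork"),
    ("plain", "galway"),
]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, city TEXT)")
    # Parameters for the inserts too, so names containing quotes need no escaping.
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_city_concat(conn, name):
    """The fragile way: build the statement by string concatenation.

    Any single quote in `name` lands inside the SQL text, so a legitimate
    value like O'Brien turns into a syntax error (or changes the query).
    """
    sql = "SELECT city FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()


def find_city_param(conn, name):
    """The safe way: a positional ? placeholder, the value travels separately."""
    row = conn.execute("SELECT city FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def find_city_named(conn, name):
    """Same query with a named placeholder, the sqlite3 counterpart of @var."""
    row = conn.execute("SELECT city FROM users WHERE name = :name", {"name": name}).fetchone()
    return row[0] if row else None


def concat_fails_on_apostrophe(conn):
    """Return True if the concatenated query cannot even parse for O'Brien."""
    try:
        find_city_concat(conn, "O'Brien")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(find_city_param(db, "O'Brien"))          # dublin
    print(find_city_named(db, 'Quote "Tester"'))   # cork
    print(concat_fails_on_apostrophe(db))          # True
```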