Home Forums SQL Server 7,2000 Strategies Apostrophes and Double Quotes - Should They be Allowed in table Text-Type Columns? RE: Apostrophes and Double Quotes - Should They be Allowed in table Text-Type Columns?

  • January 31, 2012 at 8:03 am

    #1440666

    mtillman-921105 (1/31/2012)

    GSquared (1/31/2012)

    Any standard character on the keyboard is a liability for this kind of thing. But well-written code doesn't have problems with it.

    If I understand correctly, I think that having to wrap every text field in a function, just in case there are quotes in it, is a design flaw. Ideally, that would be unnecessary.

    But thanks for all the information Gus, I want to look into this further.

    What I'm saying is, you don't need to wrap them in a function unless there's something wrong with the code. The reason people strip these things out is to prevent SQL injection, and it's the wrong way to do that. It's completely unnecessary if you do it the right way.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon