[ic] "==" and "!=" as DB field values

Peter peter at pajamian.dhs.org
Mon Oct 27 12:16:27 EST 2003


Grant wrote:
>>Most problems with content of the field would mostly occur with control 
>>characters (ascii less than 32) and characters that need escaping in SQL 
>>strings.
>>
>>Behaviour for control characters within a string is undefined (what does 
>>SQL do if there is a carriage return or newline in a string before the 
>>string is terminated?).
>>
>>In SQL statements, strings are enclosed between apostrophes ('), so if 
>>your strings contain apostrophes and you want to send them to an SQL 
>>field, you need to escape them by doubling them, otherwise the first 
>>apostrophe in your string will be considered to be string terminator. In 
>>the best case this would cause incorrect SQL syntax; in the worst case, 
>>an improperly escaped apostrophe can compromise the security of your 
>>application.

Doesn't IC escape these automatically via the DBI quote function or via 
'?'-type parameters?

Peter
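As an added illustration of the point Grant and Peter are discussing (not code from the thread, from Interchange or from DBI), the following Python script uses the standard sqlite3 module as a stand-in for Perl's DBI: it shows the same three approaches, interpolating the value into the SQL text, doubling apostrophes by hand as DBI's quote method does, and passing the value as a `?` placeholder. The table, column names and sample strings (including an embedded newline and a `' OR '1'='1` probe) are constructed for the example.

```python
import sqlite3

# Constructed sample value: apostrophes, a double quote, the "==" token from
# the thread's subject, and an embedded newline (an ASCII control character).
SAMPLE = "O'Reilly's \"==\" widget\nsecond line"


def setup():
    """Fresh in-memory database with a hypothetical products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, description TEXT)")
    return conn


def insert_naive(conn, sku, description):
    """Interpolate the value straight into the SQL text.  The first apostrophe
    inside `description` terminates the string literal early, so SQLite sees
    'O' followed by the bare word Reilly's and rejects the statement."""
    sql = f"INSERT INTO products VALUES ('{sku}', '{description}')"
    conn.execute(sql)


def sql_quote(value):
    """Hand-rolled equivalent of what DBI's quote does for a plain string:
    double every apostrophe and wrap the result in apostrophes."""
    return "'" + value.replace("'", "''") + "'"


def insert_doubled(conn, sku, description):
    """Escape by doubling apostrophes, then interpolate the quoted literal."""
    sql = f"INSERT INTO products VALUES ({sql_quote(sku)}, {sql_quote(description)})"
    conn.execute(sql)


def insert_param(conn, sku, description):
    """Bind the values with '?' placeholders; no escaping is needed because
    the values never become part of the SQL text at all."""
    conn.execute("INSERT INTO products VALUES (?, ?)", (sku, description))


def fetch(conn, sku):
    row = conn.execute("SELECT description FROM products WHERE sku = ?", (sku,)).fetchone()
    return row[0] if row else None


def demo():
    """Try all three insert styles on SAMPLE and report what came back."""
    conn = setup()
    results = {}
    try:
        insert_naive(conn, "naive", SAMPLE)
        results["naive"] = "inserted"
    except sqlite3.OperationalError as e:   # syntax error from the stray apostrophe
        results["naive"] = f"error: {e}"
    insert_doubled(conn, "doubled", SAMPLE)
    insert_param(conn, "param", SAMPLE)
    # Both escaped paths round-trip the value exactly, newline included.
    results["doubled"] = fetch(conn, "doubled")
    results["param"] = fetch(conn, "param")
    return results


def count_naive(conn, sku):
    """Interpolated WHERE clause: the apostrophe in the input rewrites the query."""
    sql = f"SELECT COUNT(*) FROM products WHERE sku = '{sku}'"
    return conn.execute(sql).fetchone()[0]


def count_param(conn, sku):
    """Bound WHERE clause: the input is compared as an opaque string value."""
    return conn.execute("SELECT COUNT(*) FROM products WHERE sku = ?", (sku,)).fetchone()[0]


def injection_demo():
    """The 'worst case' from the thread: an apostrophe that is not escaped
    turns a lookup for one sku into a query matching every row."""
    conn = setup()
    for sku in ("a", "b", "c"):
        insert_param(conn, sku, "harmless")
    attacker = "' OR '1'='1"                 # constructed probe value
    return count_naive(conn, attacker), count_param(conn, attacker)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:8s}: {v!r}")
    print("rows matched (naive, param):", injection_demo())
```

Doubling apostrophes is exactly what `quote` does for plain strings, so the second and third inserts behave the same; the difference is that `quote` must be applied to every value by the caller, while placeholders make omission impossible. Note that the newline survives both escaped paths: the SQL grammar has no objection to a control character inside a string literal, the trouble only starts when the literal's delimiters are wrong.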



More information about the interchange-users mailing list