I have a problem wherein if I have a text area in ASP.NET and enter 2 double quotes at the very end of the sentence, I get a error in my sql statement. I have traced thru the sql profiler but with no luck.
eg. The lazy fox jump over the dog"". This fails....
""The "lazy" fox jumps over the dog. This seems fine
Any pointers most welcome
-
Are you concatenating your user input into the SQL statement directly? If so, that's almost certainly the problem.
If you use a parameterised SQL statement instead (i.e. send the user data as a parameter rather than directly in the SQL) it should be fine. That way you also guard against SQL injection attacks...
-
0x3A28213A 0X6339392C 0X7363682ETelos : Plagiarized from XKCD, of course...Marc Gravell : That'll be the problem then! Maybe he's using x64, so those 32-bit pointers won't work... -
You should probably post the exact error message (and if possible, illustrative code). Also - note that with LINQ-to-SQL, you don't need the sql profiler to see the trace:
ctx.Log = Console.Out; // job done
0 comments:
Post a Comment