BTnews
Hi,
Can anyone here point me at a definitive guide or tutorial about using
escape characters when building SQL queries from user-entered data?
I'm especially interested in info on this in regard to Access databases and
(classic) ASP.
I've been writing ASP for just over a year now, and I've usually found very
comprehensive answers to other problems on one of the many excellent website
resources out there. The coverage of this particular issue seems to be
patchy at best though. Given the importance of this in regards to security
and making sure key features like search facilities work properly I'm
surprised it isn't covered very well. The solutions I've seen include
doubling apostrophes (which doesn't always seem to work), using [] brackets
within LIKE clauses (so how do you escape square brackets?), using
backslashes, using an ESCAPE keyword etc.
What I want to know is which solutions to use in which cases, and a full
list of characters to check for would be useful also.
Thanks
D.Jones
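
Added example, not part of the original post: one way to handle the cases the question lists from classic ASP is to pass the user's text as an ADO parameter, so apostrophes need no doubling, and to bracket-escape LIKE wildcards so they match literally. The database path, the `Products` table, the `ProductName` column and the `q` query-string field are assumptions made for illustration.

```vbscript
<%
Option Explicit
' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Wrap each LIKE metacharacter in [] so it matches itself.
' % and _ are the wildcards when Jet is reached through ADO/OLE DB;
' * ? # are the wildcards inside Access itself. An opening square
' bracket is escaped the same way, as [[].
Function EscapeLikeLiteral(s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        Select Case ch
            Case "[", "%", "_", "*", "?", "#"
                out = out & "[" & ch & "]"
            Case Else
                out = out & ch
        End Select
    Next
    EscapeLikeLiteral = out
End Function

Dim conn, cmd, rs, term
term = Request.QueryString("q")   ' hypothetical search field

Set conn = Server.CreateObject("ADODB.Connection")
' Placeholder path: point this at the real .mdb file
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
          Server.MapPath("/data/placeholder.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? marker keeps user text out of the SQL string entirely,
' so quotes in the input cannot change the statement.
cmd.CommandText = "SELECT ProductName FROM Products WHERE ProductName LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("pattern", adVarWChar, _
    adParamInput, 255, "%" & EscapeLikeLiteral(term) & "%")

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup
    Response.Write Server.HTMLEncode(rs("ProductName")) & "<br>"
    rs.MoveNext
Loop
rs.Close : conn.Close
%>
```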