Escape characters

BTnews

Hi,

Can anyone here point me at a definitive guide or tutorial about using
escape characters when building SQL queries from user entered data?
I'm especially interested in info on this in regard to Access databases and
(classic) ASP.

I've been writing ASP for just over a year now, and I've usually found very
comprehensive answers to other problems on one of the many excellent website
resources out there. The coverage of this particular issue seems to be
patchy at best though. Given the importance of this in regards to security
and making sure key features like search facilities work properly I'm
surprised it isn't covered very well. The solutions I've seen include
doubling apostrophes (which doesn't always seem to work), using [] brackets
within LIKE clauses (so how do you escape square brackets?), using
backslashes, using an ESCAPE keyword etc.

What I want to know is which solutions to use in which cases, and a full
list of characters to check for would be useful also.

Thanks

D.Jones
 
Bob Barrows

BTnews said:
Hi,

Can anyone here point me at a definitive guide or tutorial about using
escape characters when building SQL queries from user entered data?
I'm especially interested in info on this in regard to Access
databases and (classic) ASP.

I've been writing ASP for just over a year now, and I've usually
found very comprehensive answers to other problems on one of the many
excellent website resources out there. The coverage of this
particular issue seems to be patchy at best though. Given the
importance of this in regards to security and making sure key
features like search facilities work properly I'm surprised it isn't
covered very well. The solutions I've seen include doubling
apostrophes (which doesn't always seem to work), using [] brackets
within LIKE clauses (so how do you escape square brackets?), using
backslashes, using an ESCAPE keyword etc.

What I want to know is which solutions to use in which cases, and a
full list of characters to check for would be useful also.

Thanks

D.Jones

In both SQL and VBScript (VB/VBA), you escape characters by doubling them. I
have never seen a circumstance where this did not "seem to work". Perhaps
you could expand on this ...

Backslashes are used in JScript/JavaScript. I've never used a language that
used an ESCAPE keyword.

I have posted on this subject several times in the past, so instead of
writing about it again, here are some links:


http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&[email protected]

http://www.google.com/groups?hl=en&...&oe=UTF-8&as_uauthors=Bob%20Barrows&lr=&hl=en

http://tinyurl.com/jyy0

http://www.google.com/groups?hl=en&...x.gbl&rnum=11&prev=/groups?q=delimiter+author:Bob%2Bauthor:Barrows%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D10%26sa%3DN

HTH,
Bob Barrows
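
The apostrophe doubling and the bracket question from this thread, as an added example that is not part of either post: a VBScript sketch that escapes LIKE metacharacters first and then doubles apostrophes before the value goes into a string literal. It assumes the query reaches Access through ADO (Jet OLE DB), where the LIKE wildcards are `%` and `_`; the `Articles` table, the `Title` column and the sample inputs are hypothetical.

```vbscript
Option Explicit

' Double every apostrophe so the value cannot end the '...' SQL string literal.
Function SqlLiteral(ByVal s)
    SqlLiteral = "'" & Replace(s, "'", "''") & "'"
End Function

' Wrap LIKE metacharacters in [] so they match themselves.
' Assumption: ADO / Jet OLE DB wildcards (% and _). Through DAO or the
' Access query designer the wildcards are * ? # instead.
' "[" must be handled first, otherwise the brackets added for % and _
' would be bracketed again. A lone "]" needs no escaping.
Function LikeLiteral(ByVal s)
    s = Replace(s, "[", "[[]")
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    LikeLiteral = s
End Function

' "Contains" search: escape for LIKE, add our own wildcards, then quote.
' Articles / Title are hypothetical names used only for this example.
Function BuildSearchSql(ByVal term)
    BuildSearchSql = "SELECT Title FROM Articles WHERE Title LIKE " & _
                     SqlLiteral("%" & LikeLiteral(term) & "%")
End Function

' Constructed sample inputs: an apostrophe, both wildcards, a square bracket.
Dim samples, t
samples = Array("O'Brien", "100%_done", "array[0]")
For Each t In samples
    ' Under cscript.exe; inside an ASP page use Response.Write instead.
    WScript.Echo BuildSearchSql(t)
Next
```

If the value is passed as an ADO Command parameter instead of being concatenated, the apostrophe doubling is no longer needed, but the LIKE metacharacters inside the value still have to be bracketed.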
 
