
 Escaping quotes in stored proc and getting error.


bogey
Posting Yak Master

166 Posts

Posted - 2006-12-18 : 15:37:53
I'm executing the below stored proc and I'm passing some text to it.

spGetStudent ' and u.id = 565887898 and u.id in (select app_id from this_form f inner join formType ft on f.formType_id = ft.formType_id where f.ff_id = 203 and ft.formType_name
in (''Interviewer'', ''Screener''))'

I'm getting the error when I execute the above stmt.

Msg 105, Level 15, State 1, Line 43
Unclosed quotation mark after the character string 'Inter'.
Msg 102, Level 15, State 1, Line 43
Incorrect syntax near 'Inter'.

SwePeso
Patron Saint of Lost Yaks

30421 Posts

Posted - 2006-12-18 : 15:44:48
Increase the parameter's size from whatever it is now, to at least 21 characters longer.
Why calc? Just set the parameter as VARCHAR(4000) directly.


Peter Larsson
Helsingborg, Sweden

bogey
Posting Yak Master

166 Posts

Posted - 2006-12-18 : 16:00:17
quote:
Originally posted by Peso

Increase the parameter's size from whatever it is now, to at least 21 characters longer.
Why calc? Just set the parameter as VARCHAR(4000) directly.


Peter Larsson
Helsingborg, Sweden


Tack så mycket (hope that's correct). Peter your solution worked.

SwePeso
Patron Saint of Lost Yaks

30421 Posts

Posted - 2006-12-18 : 16:22:38
Yes, that is correct!
Been on mission in Sweden?


Peter Larsson
Helsingborg, Sweden

bogey
Posting Yak Master

166 Posts

Posted - 2006-12-18 : 16:28:57
quote:
Originally posted by Peso

Yes, that is correct!
Been on mission in Sweden?


Peter Larsson
Helsingborg, Sweden



No - But I'd like to... got any available?

madhivanan
Premature Yak Congratulator

22864 Posts

Posted - 2006-12-19 : 23:20:41
1 Passing a where condition is not efficient
2 You should use parameters and pass values to them

Madhivanan

Failing to plan is Planning to fail

bogey
Posting Yak Master

166 Posts

Posted - 2006-12-20 : 08:32:08
I'm the recipient of this code and not the creator. I've taken over a fairly large .NET application, so there are a lot of things I'd do differently.

quote:
Originally posted by madhivanan

1 Passing a where condition is not efficient
2 You should use parameters and pass values to them

Madhivanan

Failing to plan is Planning to fail


madhivanan
Premature Yak Congratulator

22864 Posts

Posted - 2006-12-20 : 08:51:14
If you are not the creator, then advise him not to use that.
Related links:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsqlmag04/html/InjectionProtection.asp
http://www.acunetix.com/websitesecurity/sql-injection.htm


Madhivanan

Failing to plan is Planning to fail
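For the two points madhivanan raises, an added example that is not code from the thread or its posters: the dynamic-SQL shape the original spGetStudent call implies, placed beside a parameterised rewrite. Table and column names are the ones in the original call; the procedure bodies and the u.name column are assumptions.

```sql
-- Added example (not the thread's own code): the dynamic-SQL shape that the
-- spGetStudent call above implies, then a parameterised rewrite.
-- Table and column names come from the call in the thread; the procedure
-- bodies and the u.name column are assumptions.

-- 1. The pattern under discussion. The caller hands over a raw WHERE
--    fragment that is glued into the query text. If @where is declared
--    shorter than the fragment, it is silently truncated on assignment,
--    which is what produced "Unclosed quotation mark ... 'Inter'".
--    Widening it to VARCHAR(4000) stops the truncation but still lets
--    whoever controls @where rewrite the whole query.
CREATE PROCEDURE spGetStudent_Dynamic
    @where VARCHAR(4000)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'SELECT u.id, u.name FROM students u WHERE 1 = 1 ' + @where;
    EXEC (@sql);
END
GO

-- 2. Parameterised rewrite: the query shape lives in the procedure and the
--    caller supplies only values. Quoting is no longer the caller's problem,
--    and the fixed form-type names stay as literals inside the procedure.
CREATE PROCEDURE spGetStudent
    @id    INT,
    @ff_id INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT u.id, u.name
    FROM students u
    WHERE u.id = @id
      AND u.id IN (SELECT f.app_id
                   FROM this_form f
                   INNER JOIN formType ft ON f.formType_id = ft.formType_id
                   WHERE f.ff_id = @ff_id
                     AND ft.formType_name IN ('Interviewer', 'Screener'));
END
GO

-- The same values the thread's call carried, now bound as typed parameters:
EXEC spGetStudent @id = 565887898, @ff_id = 203;

-- If dynamic SQL is genuinely unavoidable, keep the values out of the text
-- and bind them through sp_executesql instead of concatenating them:
DECLARE @sql NVARCHAR(4000);
SET @sql = N'SELECT u.id, u.name FROM students u WHERE u.id = @id';
EXEC sp_executesql @sql, N'@id INT', @id = 565887898;
GO
```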
   
