 SQL-safe string inserts

k3n51mm
Starting Member

4 Posts

Posted - 2008-05-13 : 21:55:13
We have a VB.Net 2005 application that uses SQL CE 3.1 as its embedded database.

Frequently in the application, we must store strings with apostrophes, quotes, and all kinds of other stuff. It's totally unwieldy to try and manually escape every nonstandard character in every string... this is why we need to know how to handle this issue for all possible input.

What is the best method we can use to store any string, no matter what characters occur in it? The reason we must now improve our string handling is that we are now being required to store MD5 hashes of files for security and duplicate file avoidance, and these hashes usually break our import functions.


We normally enclose strings in single quotes ('). But, with the hashes as mentioned above, none of our current code works. Again: how can we be certain that the exact string we pass in will be stored in its current form, no matter what the characters?

THANKS

GilaMonster
Master Smack Fu Yak Hacker

4507 Posts

Posted - 2008-05-14 : 02:33:35
Use the .NET parameter objects to pass the parameters. It doesn't matter what's in the value then. Bonus, you also protect yourself against SQL injection.

--
Gail Shaw
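
The parameter approach from the reply above, as an added example that is not part of the original thread: the file name and the raw MD5 bytes are bound with `SqlCeCommand` parameters, so no quoting or escaping is applied to either value. The `Files` table, its columns, the `example.sdf` database and the sample file name are assumptions made for this example.

```vbnet
Imports System.Data
Imports System.Data.SqlServerCe
Imports System.IO
Imports System.Security.Cryptography

Module ParameterizedInsertExample
    ' Hypothetical schema, assumed to exist already in example.sdf:
    '   CREATE TABLE Files (FileName NVARCHAR(260), Md5 BINARY(16))
    Private Const InsertSql As String = _
        "INSERT INTO Files (FileName, Md5) VALUES (@name, @md5)"

    ' Returns the 16 raw hash bytes; they are never converted to a string.
    Function ComputeMd5(ByVal filePath As String) As Byte()
        Using hasher As MD5 = MD5.Create()
            Using stream As FileStream = File.OpenRead(filePath)
                Return hasher.ComputeHash(stream)
            End Using
        End Using
    End Function

    ' The SQL text is a constant; the values travel separately as typed
    ' parameters, so apostrophes or arbitrary bytes cannot change the statement.
    Sub StoreFile(ByVal conn As SqlCeConnection, ByVal filePath As String)
        Using cmd As New SqlCeCommand(InsertSql, conn)
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 260).Value = _
                Path.GetFileName(filePath)
            cmd.Parameters.Add("@md5", SqlDbType.Binary, 16).Value = _
                ComputeMd5(filePath)
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    Sub Main()
        ' Constructed sample input: a file whose name contains apostrophes.
        Dim sample As String = Path.Combine(Path.GetTempPath(), "O'Brien's notes.txt")
        File.WriteAllText(sample, "constructed sample content")

        ' Hypothetical database file name.
        Using conn As New SqlCeConnection("Data Source=example.sdf")
            conn.Open()
            StoreFile(conn, sample)
        End Using
    End Sub
End Module
```

Reading the row back with a parameterized `SELECT ... WHERE Md5 = @md5` works the same way, which also covers the duplicate-file check mentioned in the question.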