Re: insert .. values('OH'No')

2009-10-31 Thread Michael Dykman
Nope, nothing you can do on the server end. The server will only accept syntactically correct SQL statements and broken strings will undermine that. In practice, if you are careful to at least escape the quotes (i.e. ' --> \'), you can avoid nasty SQL injection attacks, although some statements m

insert .. values('OH'No')

2009-10-31 Thread Sydney Puente
Thanks Michael, Good question/observation - I am using a mainstream language - an almost-homemade scripting language which does have a "replace" functionality which allows me to replace a ' with \' - on a per field basis - as I have dozens of fields to attend to, and would have to code

Re: insert .. values('OH'No')

2009-10-30 Thread Michael Dykman
Yes, there are plenty of smart ways to deal with this. Each of them is somewhat dependent on whatever general purpose programming language you are using and/or the environment you are working in. In PHP we have mysql_escape_string() or PDO, in Perl and Java, among others, prepared statements are

insert .. values('OH'No')

2009-10-30 Thread Sydney Puente
Hello, I am populating MySQL with data, from an external source, that now and again in different fields has single quotes within the data intended to be inserted into varchars. This causes a SQL parse error. Is there a smart way of dealing with this? TIA Syd