WebProWorld Part of WebProNews.com
Page One Link To Us Edit Profile Private Messages Archives FAQ RSS Feeds  
Forum Index Search Engines Marketing Site Design IT Discussion eCommerce Center  

Go Back   WebProWorld > Webmaster, IT and Security Discussion > Web Programming Discussion Forum
Reload this Page Inserting ASCII into your SQL string. ?
Subscribe to the Newsletter FREE!
Register FAQ Members List Calendar Arcade Chatbox Mark Forums Read

Web Programming Discussion Forum Working with an API? Developing a plugin? Writing a Mod or script for your favorite blog, Web 2.0 site or Forum? Welcome.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 02-21-2006, 10:15 AM
fastedge's Avatar
WebProWorld Member
  

Join Date: Aug 2003
Location: Central Florida
Posts: 39
fastedge RepRank 0
Default Inserting ASCII into your SQL string. ?
Hi everyone. I'm stuck trying to insert a ULR string into a SQL DB that strips certain characters from anything passed to it as protection against SQL insert hacks.

My problem is that the URLs that I'm passing have the offending characters "?" and "=".

I'm trying to pass those as ASCII but for the life of me can't remember how and can't seem to find any info on how on the web. Really need help here.

ASP, VBScript, SQL2000.

Thanks.
__________________
Merc Consulting
Web Design, Development, Programming
www.mercconsulting.com
Reply With Quote
  #2 (permalink)  
Old 02-21-2006, 12:19 PM
ADAM Web Design's Avatar
WebProWorld 1,000+ Club
  

Join Date: Dec 2003
Location: Toronto, Ontario, Canada
Posts: 2,217
ADAM Web Design RepRank 0
Default
I've never had a problem passing them as is into an executable (insert, update) query.

If you're trying to retrieve them, then I'd just replace the characters with \? and \= so that the literals are taken.
Reply With Quote
  #3 (permalink)  
Old 02-21-2006, 07:23 PM
mktplace's Avatar
WebProWorld Pro
  

Join Date: Jun 2004
Location: Colorado Rockies
Posts: 157
mktplace RepRank 0
Default
server.URLencode
Reply With Quote
  #4 (permalink)  
Old 02-21-2006, 09:49 PM
WebProWorld Veteran
  

Join Date: Jul 2003
Location: United Kingdom
Posts: 467
Keimos RepRank 0
Default
They are reserved codes and should be treated as such

In code the = is a mathematical and function operator.

The ? is an opening to the question or query that is asked

As in email ?Subject= , no where else have I seen these as anything else.

So sorry I cannot help at the moment but you have got me thinking

Keimos
__________________
Keimos IT, Just helping you to get better!
www.keimos.co.uk , www.keimos.net , www.selfpacedit.co.uk ,www.earn_online.veretekk.com
Reply With Quote
Reply

  WebProWorld > Webmaster, IT and Security Discussion > Web Programming Discussion Forum
Tags: , , ,


« CSS layout looks fine in IE but is goofed up in FireFox. | Walhello issues »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

WebProWorld | Advertise | About | Forum Rules | MVP's | Archive | Newsletter Archive | Top | WebProNews | Statistics
WebProWorld is an iEntry, Inc. ® site - © 2008 All Rights Reserved Privacy Policy and Legal
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509


All times are GMT -4. The time now is 09:48 AM.

Search Engine Optimization by vBSEO 3.2.0