Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: users using &, ", ', and other chars in input fields

Re: users using &, ", ', and other chars in input fields

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Fri, 30 Jan 2004 07:20:55 -0800
Message-ID: <1075475994.817194@yasure> 





Chris O wrote:



>>I see no evidence of dynamic SQL having anything to do with the OP's

>>question. Perhaps this is my error but what I saw was:

>>

>>SQL> CREATE TABLE test (

>>   2  testcol  VARCHAR2(20));

>>

>>SQL> insert into test values (TRANSLATE('ABC&DEF', 'A&', 'A'));

>>

>>1 row created.

>>

>>SQL> select * from test;

>>

>>TESTCOL


>>--------------------

>>ABCDEF


>>

>>SQL>


>>

>>Ampersand stripped out.

>>

>>-- 

>>Daniel Morgan


> 
> Hi Daniel.
> 
> As I read it, there were two examples given.
> 
> The first was this:
> 




>>>>>As an example users enter double quotes in a text field surrounding a

>>>>>specific piece of text they want to hi-lite and then it barfs during


> 
> the
> 




>>>>>oracle insert step because the string is not properly delimited.

>>>>>


> 
> which implies to me that their application is constructing the SQL insert
> statement dynamically.
> 
> Cheers Chris





Perhaps. I was thinking more that it was something like:



Enter Company Name: [               ]



and the end-user entered:



Enter Company Name: [Smith & Co.    ]


-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)


Received on Fri Jan 30 2004 - 09:20:55 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US