We are using a language that uses A4GL to connect to the database. From within the language (COBOL) we have the ability to add a simple query. All is fine with one exception. Some of the fields might have a quote mark in them.
We have a field in particular that a lot of our clients like to put an apostrophe in, such as 0001A'06, 2'11" and so on. Now from inside our programs and using the simple query we add something like 'where ap_id = '0001A'06' which I know is an error, but is there a way around this or a way to make it work?

You can use REPLACE on the string to change each single quote to two single quotes (NOT the "double-quote" character). But it looks like you are using direct dynamic SQL, and that is an invitation to SQL injection security attacks.

That works. All we have to do now is fix all of our programs (possibly 800 or so).
Thanks again...

COBOL and SQL Server?
It's an abomination I tells ya.....
Tuesday, February 14, 2012
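The quote-doubling fix and the dynamic SQL concern raised in the reply above, shown side by side as an added example that is not code from the thread. It assumes Python with an in-memory SQLite database standing in for the poster's COBOL/A4GL programs and SQL Server; the table name `ap` and all function names are hypothetical, and the sample IDs are constructed from the values quoted in the question.

```python
import sqlite3

# Constructed sample data using the ID shapes quoted in the thread.
SAMPLE_IDS = ["0001A'06", "2'11\"", "PLAIN01"]

def make_db():
    """Build a throwaway in-memory table (hypothetical name: ap)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ap (ap_id TEXT PRIMARY KEY, note TEXT)")
    conn.executemany("INSERT INTO ap VALUES (?, ?)",
                     [(v, "row %d" % i) for i, v in enumerate(SAMPLE_IDS)])
    return conn

def lookup_concat(conn, ap_id):
    """The original pattern: the value is pasted straight into the SQL text."""
    sql = "SELECT ap_id FROM ap WHERE ap_id = '" + ap_id + "'"
    return [r[0] for r in conn.execute(sql)]

def lookup_doubled(conn, ap_id):
    """The REPLACE fix: each single quote becomes two single quotes."""
    escaped = ap_id.replace("'", "''")
    sql = "SELECT ap_id FROM ap WHERE ap_id = '" + escaped + "'"
    return [r[0] for r in conn.execute(sql)]

def lookup_bound(conn, ap_id):
    """Parameter binding: the value never becomes part of the SQL text."""
    sql = "SELECT ap_id FROM ap WHERE ap_id = ?"
    return [r[0] for r in conn.execute(sql, (ap_id,))]

def concat_fails(conn, ap_id):
    """True when the concatenated statement is rejected as malformed SQL."""
    try:
        lookup_concat(conn, ap_id)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    conn = make_db()
    for v in SAMPLE_IDS:
        print(repr(v), "| concat fails:", concat_fails(conn, v),
              "| doubled:", lookup_doubled(conn, v),
              "| bound:", lookup_bound(conn, v))
```

Doubling only protects a value that ends up inside a single-quoted string literal, and it has to be applied at every call site; binding removes the need to escape at all, which matters when there are hundreds of programs to fix.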