
Passing special characters to a SQL Server stored procedure

I have an encryption routine that generates an encrypted string from 2 variables. This string may or may not contain "special characters". The ones in particular that give me trouble are apostrophes and brackets.

I currently use the [ ] to encapsulate the argument in my execute command. But that doesn't always work.

Does anyone have a good solution to try and stop the error from getting thrown when an end bracket gets assigned?

Have you tried with verbatim literal strings?

@"\somestring""";

http://www.dotnetperls.com/string-literal

The easiest solution would just be to escape apostrophes in your input string:

thePWD = encrypt(request("ap"), request("al"))
set rs = cn.execute("EXEC UpdateUser @uu_pswrd='" & replace(thePWD, "'", "''") & "'")

A more robust way of handling this would be to add proper parameter handling to your code. This may not be exactly right, since it's been a while since I've done this with VBA/VB6, but it should get you close:

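thePWD = encrypt(request("ap"), request("al"))

' VB6/VBA syntax; in classic ASP (VBScript) use Server.CreateObject("ADODB.Command") instead
Set cmd = New ADODB.Command
Set cmd.ActiveConnection = cn
cmd.CommandText = "UpdateUser"
cmd.CommandType = adCmdStoredProcedure   ' ADO constant (value 4), not a string
' The value is bound as a parameter, so apostrophes and brackets need no escaping
cmd.Parameters.Append cmd.CreateParameter("@uu_pswrd", adVarChar, adParamInput, 255, thePWD)
Set rs = cmd.Execute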
