Could you please tell me how to handle a single quote (') typed into a textbox whose value is used in SQL?

Time: 10-06

For example, a textbox.
The SQL statement is: "select * from the database where the username='" & Text1.Text & "'"
If the textbox does not contain a ' character, everything works normally.
But if a ' is entered, there is an error.

This should be a SQL injection attack. I could check whether the input contains a ' and reject it.

But if a ' character must be allowed in the textbox, how should that be handled?

CodePudding user response:

http://www.2cto.com/database/201212/172678.html

CodePudding user response:

A SQL command is processed like this: the software builds the SQL statement as a string and sends it to the database engine, and the engine executes it.

So the statement format must be compatible with the database engine; it is not only a matter of how the software processes it.

In a SQL statement the single quotation mark is treated as a keyword with special grammatical meaning, so generally speaking the user should not be allowed to use it as an ordinary character. That is, when the record is created at registration time, you should make sure the username does not contain a single quote, and rule it out.

If the database engine can accept it in some compatible form, such as writing it doubled, the software can emit such a statement.

CodePudding user response:

Public Function FmtStr(mStr As String) As String
    ' Escape single quotes in the input string: each ' inside the string becomes ''
    Dim I As Integer
    Dim Tmpstr As String
    Dim s As String
    Tmpstr = ""
    For I = 1 To Len(mStr)
        s = Mid(mStr, I, 1)
        If s = "'" Then
            Tmpstr = Tmpstr & "''"
        Else
            Tmpstr = Tmpstr & s
        End If
    Next I
    Tmpstr = Replace(Tmpstr, vbCrLf, "")   ' filter out the Enter key (CR/LF)
    FmtStr = Trim(Tmpstr)
End Function


SQL = "select * from the database where the username='" & FmtStr(Text1.Text) & "'"

CodePudding user response:

I mean, isn't it "encapsulated" into a string?
For example, although the CSDN forum is written in other languages, it also has to use SQL.
Right now the single quote character is the only thing giving me trouble; everything else is fine!
I only half know C#, and it has the same problem, but with its sqlhelper class you can pass a string containing a ' directly and it handles it.
So I really want to know how that single quote is handled.
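The three behaviours this thread discusses, side by side: the plain concatenation from the question, the quote-doubling FmtStr from the third reply, and a parameterised query, which is how helpers built on SqlParameter (the SqlHelper-style class the asker mentions) accept a value containing ' without any escaping. This is an added example, not code from the thread; it uses Python's sqlite3 in place of VB6/ADO, and the users table, its columns and the sample rows are constructed for the demonstration.

```python
"""Single quotes in SQL built from a textbox: concatenation vs. quote doubling vs. parameters.

Added example, not from the forum thread. sqlite3 stands in for the VB6/ADO
setup in the question; the table, columns and rows below are constructed.
"""
import sqlite3

# Constructed sample data. Note the legitimate user whose name contains a quote.
USERS = [("alice", "s3cret"), ("o'brien", "pa55"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory database standing in for 'the database' in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def fmt_str(s: str) -> str:
    """Port of the FmtStr idea from the thread: double every single quote.
    The VB version also strips CR/LF and trims, kept here for fidelity."""
    return s.replace("'", "''").replace("\r\n", "").strip()


def lookup_concat(conn: sqlite3.Connection, username: str) -> list:
    """The statement from the question, built by string concatenation.
    A lone ' in the value breaks the syntax; a crafted value rewrites the WHERE clause."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped(conn: sqlite3.Connection, username: str) -> list:
    """Same concatenation, but the value passes through fmt_str first, so every
    ' in the value becomes '' and stays inside the string literal."""
    sql = "SELECT username FROM users WHERE username = '" + fmt_str(username) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the value never becomes part of the SQL text, so the
    engine receives statement and data separately and no escaping is needed."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def demo() -> dict:
    """Run all three variants against a quoted name and a classic injection payload."""
    conn = make_db()
    payload = "x' OR '1'='1"   # closes the literal and appends a tautology
    out = {}

    # 1. Concatenation: a legitimate name with a quote is the error from the question.
    try:
        lookup_concat(conn, "o'brien")
        out["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        out["concat_quote"] = "syntax error"
    # 2. Concatenation: the payload turns the lookup into "match every row".
    out["concat_inject"] = lookup_concat(conn, payload)

    # 3. Quote doubling keeps both values inside the literal.
    out["escaped_quote"] = lookup_escaped(conn, "o'brien")
    out["escaped_inject"] = lookup_escaped(conn, payload)

    # 4. Parameters: same results as 3, with nothing to remember to escape.
    out["param_quote"] = lookup_param(conn, "o'brien")
    out["param_inject"] = lookup_param(conn, payload)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15} {value!r}")
```

Two caveats on the quote-doubling approach: it only protects values that sit inside a quoted string literal (a value concatenated into a numeric comparison or an identifier gets no protection from it), and it has to be applied to every concatenated value without exception. Parameters remove both problems, which is why they are the preferred fix; in VB6 the equivalent is an ADODB.Command with parameters created via CreateParameter instead of building the statement string.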