Re: Parameter default value




MGFoster wrote:
> I don't know what you're trying to do w/ a default of ';:,'',:;'

Again, the data is meaningless. My point is, it would be tricky to
parse the SQL to extract the parameter's value because the parameter
value, held in single quotes in the definition, could itself contain
single quotes (the two quotes represent one escaped quote), commas
(the delimiting character for parameter definitions), semicolons (the
delimiting character between the PARAMETERS declaration and main SQL
definition), equals signs (the delimiting character between the main
parameter definition and the parameter default value definition) etc.
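
A quote-aware scan over the kind of declaration this post describes, as an added example that is not part of the original thread. The sample statement is constructed from the delimiters the post lists (comma, semicolon, equals sign, doubled single quote) and is an assumption about layout, not verified Access syntax; `read_quoted`, `parse_parameters` and `naive_default` are hypothetical names.

```python
# Constructed sample: the first default is the value quoted in the thread.
SAMPLE = ("PARAMETERS p1 TEXT = ';:,'',:;', p2 TEXT = 'a=b'; "
          "SELECT * FROM T WHERE c = p1;")

def naive_default(sql):
    """Delimiter splitting with no quote awareness (what goes wrong)."""
    return sql.split(";")[0].split("=")[1].strip().strip("'")

def read_quoted(s, i):
    """Read a single-quoted literal starting at s[i]; '' inside is one quote.
    Returns (decoded value, index just past the closing quote)."""
    if s[i] != "'":
        raise ValueError("expected opening quote at offset %d" % i)
    out, i = [], i + 1
    while i < len(s):
        if s[i] == "'":
            if s[i + 1:i + 2] == "'":      # doubled quote -> literal quote
                out.append("'")
                i += 2
                continue
            return "".join(out), i + 1     # lone quote closes the literal
        out.append(s[i])
        i += 1
    raise ValueError("unterminated string literal")

def parse_parameters(sql):
    """Return ([(definition, default_or_None), ...], main_sql).
    Delimiters only count when they appear outside a quoted literal."""
    keyword = "PARAMETERS"
    if not sql.upper().startswith(keyword):
        raise ValueError("no PARAMETERS declaration")
    i, params, definition, default = len(keyword), [], [], None
    while i < len(sql):
        ch = sql[i]
        if ch == "'":                      # default value literal
            default, i = read_quoted(sql, i)
            continue
        if ch in ",;":                     # end of one parameter definition
            params.append(("".join(definition).strip(), default))
            definition, default = [], None
            if ch == ";":                  # end of the whole declaration
                return params, sql[i + 1:].strip()
        elif ch != "=":
            definition.append(ch)
        i += 1
    raise ValueError("no ';' terminating the PARAMETERS declaration")
```
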
