Re: Handling Quotes in Expression Builder
- From: Chuck P <Chuck@xxxxxxxxxxxxxxxx>
- Date: Thu, 09 Mar 2006 09:23:32 -0700
I would much prefer to use parameters but have no idea how to.
I just saw a property line for the statement to execute and figured
that SSIS is just taking the value and sticking it into
sqlcommand.text. Don't know how to use the interface to add a
parameter.
thanks,
On Thu, 9 Mar 2006 04:33:28 -0800, Darren Green
<darren.green@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
My SQL statement uses single quotes to delimit strings, so I need to escape
them when they are contained in the data string. The expression uses double
quotes, but nowhere do I have a literal double quote, so no worries.
My expression is this -
"INSERT Table VALUES('" + REPLACE(@[User::Data], "'", "''") + "')"
My variable value is this-
My silly string's have quotes, " double as well.
The evaluated result is-
INSERT Table VALUES('My silly string''s have quotes, " double as well.')
Using the parameter support of the Execute SQL Task would be safer and
possibly easier. String concatenation for SQL statements just means a risk of
SQL injection by default.
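An added example, not part of the original thread: the same INSERT built by concatenation (with and without the REPLACE escaping from the expression above) next to a bound parameter. It assumes SQLite via Python's `sqlite3` as a stand-in for the SSIS connection; the table name `demo`, the function names and the `CRAFTED` value are constructed for illustration.

```python
import sqlite3

# Value of User::Data taken from the thread.
DATA = 'My silly string\'s have quotes, " double as well.'
# Constructed value: closes the string literal early and appends a second row.
CRAFTED = "x'), ('y"

def build_concat(data, escape=True):
    """Mimic the expression: "INSERT ... VALUES('" + REPLACE(data, "'", "''") + "')"."""
    if escape:
        data = data.replace("'", "''")
    return "INSERT INTO demo VALUES('" + data + "')"

def run_concat(data, escape=True):
    """Execute the concatenated statement; return the stored rows or the error text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo (val TEXT)")
    try:
        db.execute(build_concat(data, escape))
    except sqlite3.Error as exc:
        return "error: " + str(exc)
    return [r[0] for r in db.execute("SELECT val FROM demo ORDER BY rowid")]

def run_param(data):
    """Statement text is constant; the value travels separately as a bound parameter."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo (val TEXT)")
    db.execute("INSERT INTO demo VALUES (?)", (data,))
    return [r[0] for r in db.execute("SELECT val FROM demo ORDER BY rowid")]

if __name__ == "__main__":
    for label, value in (("thread value", DATA), ("crafted value", CRAFTED)):
        print(label)
        print("  concat, no REPLACE :", run_concat(value, escape=False))
        print("  concat + REPLACE   :", run_concat(value, escape=True))
        print("  bound parameter    :", run_param(value))
```

In the Execute SQL Task the equivalent is a statement containing a `?` marker plus an entry on the Parameter Mapping page that binds `User::Data` to it (parameter name `0` for an OLE DB connection). The statement text then never changes with the data, so no escaping expression is needed.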