Click here to Skip to main content
15,880,608 members
Search within:


string with extra characters
Please Sign up or sign in to vote.
2.50/5 (2 votes)
See more:
C#2.0
C#
Dear all, Please help


in my web application i get some datas from user through text box.
i store the text box value in a variable and insert into database.


but when the user enters some characters like ',;,: in text box that show error how can i solve it.


for examle:anoop's,kira's etc.
Posted
Add a Solution

3 solutions

I assume that you are using a simple SQL query such as
SqlCommand cmd = new SqlCommand("INSERT INTO tab (field1) VALUES (" + textBox1.Text + ")");
And the database complains?

Congratulations! This is leaving an opening known as "SQL Injection".

The addition of special characters causes the database to process them as part of a command. For example (DO NOT DO THIS) if you enter "hello);DROP TABLES tab" into your text box, the SQL would see:
"INSERT INTO tab (field1) VALUES (hello);DROP TABLES tab;)"
as a single command.
Because ';' is a statement terminator, SQl sees this as two commands: An INSERT, followed by a DROP TABLES. It inserts your name as "hello", and then deletes the tab table.

Don't do it this way. Use a parameterized query:
XML
SqlCommand cmd = new SqlCommand("INSERT INTO tab (field1) VALUES (@NAME)");
cmd.AddWithValue("@NAME", textBox1.Text);

And you problem will disappear, instead of your tables...
 
Share this answer
 
Posted
You can define a regular expresssion to defined what is either acceptable (generally more thorough) or unacceptable.
Depending on the technology used (you don't say whether this ASP.NET, Winforms or WPF) you will need to use the regex in the relevant validator to prevent the user continuing before the input is corrected.

You should also check the input before insertion and reject if not valid, and pass the value as an SQL parameter to stop SQL injection attacks.
 
Share this answer
 
Posted
what is the data type of variable?????
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
count the number of characters in a string
application is displaying extra character in spanish
Extra characters in dotnetzip files
Remove characters from string
[Vb.net] extra characters/bytes in metadata after saving a png file
Sort characters of string alphabetically in java
Specify double quote character in a string
Remove duplicate character from my string ?
Character pointer as string not working
Why extra charcter coming while using the string again

Advertise
Privacy
Cookies
Terms of Use
Last Updated 24 Mar 2010
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900