Re: users using &, ", ', and other chars in input fields

"Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message news:1075475994.817194_at_yasure...
> Chris O wrote:
>
> >>I see no evidence of dynamic SQL having anything to do with the OP's
> >>question. Perhaps this is my error but what I saw was:
> >>
> >>SQL> CREATE TABLE test (
> >> 2 testcol VARCHAR2(20));
> >>
> >>SQL> insert into test values (TRANSLATE('ABC&DEF', 'A&', 'A'));
> >>
> >>1 row created.
> >>
> >>SQL> select * from test;
> >>
> >>TESTCOL
> >>--------------------
> >>ABCDEF
> >>
> >>SQL>
> >>
> >>Ampersand stripped out.
> >>
> >>--
> >>Daniel Morgan
> >
> > Hi Daniel.
> >
> > As I read it, there were two examples given.
> >
> > The first was this:
> >
> >>>>>As an example users enter double quotes in a text field surrounding a
> >>>>>specific piece of text they want to hi-lite and then it barfs during
> >
> > the
> >
> >>>>>oracle insert step because the string is not properly delimited.
> >>>>>
> >
> > which implies to me that their application is constructing the SQL
insert
> > statement dynamically.
> >
> > Cheers Chris
>
> Perhaps. I was thinking more that it was something like:
>
> Enter Company Name: [ ]
>
> and the end-user entered:
>
> Enter Company Name: [Smith & Co. ]
>
> --
> Daniel Morgan
> http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
> http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
> damorgan_at_x.washington.edu
> (replace 'x' with a 'u' to reply)
>

Hi Daniel. Yes, I've just replied to another part of the thread and I'm still not sure whether I understand the question correctly but it is more interesting than writing my help manual...especially after a few beers :-) [37C over here today]

Cheers Chris Received on Fri Jan 30 2004 - 09:26:10 CST