Strip Bad SQL Characters

nugax:
I'm trying to write a program that strips out bad char for SQL insert
Things like (  '   "   ,  )  -

I have tried TStrings but you can not access an individual char (that I can find) to change. I have tried move but get an access violation. Can you guys assist in a better idea? Right now, I just have it dropping the bad character (which is typically a formatting char I think)

Below is where I am at, but it produces an access violation:


--- Code: Pascal ---
function StripBadSQLChar(sStringGiven: string): string;
var
  iCnt: integer;
  sReturnString: string;
  boolBadChar: boolean;
begin
  try
    iCnt := 0;
    boolBadChar := False;
    sReturnString := '';
    while (iCnt < length(sStringGiven)) do
    begin
      case sStringGiven[iCnt] of
        #34: begin
          boolBadChar := True;
          Write('Found quote');
        end;
        #39: begin
          boolBadChar := True;
        end;
        #92: begin
          boolBadChar := True;
        end
        else
        begin
          if (boolBadChar = False) then
          begin
            move(sStringGiven[iCnt], sReturnString[iCnt], 1);
            //AppendStr(sReturnString[iCnt], sStringGiven[iCnt]);
            //sReturnString[iCnt] := sStringGiven[iCnt];
          end;
        end;
      end;
      Inc(iCnt);
    end;
  finally
    Result := sReturnString;
  end;
end;
--- End code ---

Zvoni:
Why don't you just replace the "Bad" Chars with EmptyStr?

EDIT: Your AV probably stems from "sReturnString[iCnt]" not existing......
You initialize sReturnString with an empty String, so even sReturnString[0] doesn't exist

nugax:

--- Quote from: Zvoni on April 21, 2022, 04:26:06 pm ---Why don't you just replace the "Bad" Chars with ''?

--- End quote ---

It would look weird.
I got it done with a simple string replace.

PascalDragon:

--- Quote from: nugax on April 21, 2022, 03:48:28 pm ---I'm trying to write a program that strips out bad char for SQL insert
Things like (  '   "   ,  )  -
--- End quote ---

Why don't you use prepared statements with parameters instead? Something like “insert into Foobar (Col1, Col2, Col3) values (:arg1, :arg2, :arg3)”? Cause then you don't need to worry about that...

kqha:
You should try to use a prepared statement, just like

--- Quote from: PascalDragon on April 21, 2022, 06:13:03 pm ---Why don't you use prepared statements with parameters instead? Something like “insert into Foobar (Col1, Col2, Col3) values (:arg1, :arg2, :arg3)”? Cause then you don't need to worry about that...

--- End quote ---

But in case you really need to strip them manually, it will be more readable (and less prone to error) to just write it like:

--- Code: Pascal ---
uses StrUtils;

function StripBadSQLChar(sStringGiven: string): string;
begin
  Result := ReplaceStr(sStringGiven,#34,'');
  Result := ReplaceStr(Result,#39,'');
  Result := ReplaceStr(Result,#92,'');
end;
--- End code ---
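
The parameterised insert that PascalDragon and kqha recommend, as an added example that is not part of the original thread. It assumes Free Pascal's SQLdb with an in-memory SQLite database (the sqlite3 library must be installed); the table is the Foobar one from the quoted statement, and the sample values are constructed.

```pascal
program ParamInsertDemo;
{$mode objfpc}{$H+}
uses
  SysUtils, sqldb, sqlite3conn;

const
  // Constructed sample values containing the characters the thread wants to strip.
  Samples: array[0..2] of string = ('O''Brien', 'say "hi"', 'C:\tmp, (x) - y');

var
  Conn: TSQLite3Connection;
  Trans: TSQLTransaction;
  Query: TSQLQuery;
  i: Integer;
begin
  Conn := TSQLite3Connection.Create(nil);
  Trans := TSQLTransaction.Create(nil);
  Query := TSQLQuery.Create(nil);
  try
    Conn.DatabaseName := ':memory:';  // assumption: throwaway in-memory database
    Conn.Transaction := Trans;
    Trans.DataBase := Conn;
    Query.DataBase := Conn;
    Query.Transaction := Trans;
    Conn.Open;
    Conn.ExecuteDirect('create table Foobar (Col1 text, Col2 text, Col3 text)');

    // The statement text is a constant; the values travel separately as
    // parameters, so quotes and backslashes in them are never parsed as SQL.
    Query.SQL.Text :=
      'insert into Foobar (Col1, Col2, Col3) values (:arg1, :arg2, :arg3)';
    for i := 0 to High(Samples) do
      Query.Params.ParamByName('arg' + IntToStr(i + 1)).AsString := Samples[i];
    Query.ExecSQL;
    Trans.Commit;

    // Read the row back and confirm every value was stored unchanged.
    Query.SQL.Text := 'select Col1, Col2, Col3 from Foobar';
    Query.Open;
    for i := 0 to High(Samples) do
      WriteLn(Query.Fields[i].AsString, ' -> unchanged: ',
        Query.Fields[i].AsString = Samples[i]);
    Query.Close;
  finally
    Query.Free;
    Trans.Free;
    Conn.Free;
  end;
end.
```

Each value comes back with its quotes, backslash, comma, parentheses and hyphen intact, so nothing has to be stripped or replaced before the insert.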
