Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Best method to disallow special characters
Message
From
04/10/2005 12:36:15
Sergey Berezniker
New York, United States
 
 
To
04/10/2005 12:22:06
Rollin Burr
SAIC
Stafford, Virginia, United States
General information
Forum:
Microsoft SQL Server
Category:
Security
Title:
Re: Best method to disallow special characters
Miscellaneous
Thread ID:
01055902
Message ID:
01055936
Views:
14
You have to check for each "bad" character but code can be shorter. Something like
DECLARE @BadCharList varchar(32), @I INT, @BadCharFound int, @StringToTest varchar(50)

SET @StringToTest = 'CHECK Constraint )'

SET @BadCharList = '!@#$%^&*()'
SET @BadCharFound = 0
SET @i=1

WHILE @i <= DATALENGTH(@BadCharList) AND @BadCharFound = 0 BEGIN
	SET @BadCharFound = CHARINDEX( SUBSTRING(@BadCharList, @I, 1), @StringToTest) 
	SET @i = @i + 1
END	

PRINT @BadCharFound
>The function would allow the code to be reused over several tables or even databases. It could be used in triggers.
>
>CREATE FUNCTION HasSpecChar (@StringToTest VARCHAR(5000))
>RETURNS BIT AS
>BEGIN
> DECLARE @ReturnBit BIT
> SET @ReturnBit =
> CASE WHEN '~' IN (@StringToTest) THEN 1
> WHEN '!' IN (@StringToTest) THEN 1
> .
> .
> .
> WHEN '?' IN (@StringToTest) THEN 1
> WHEN '/' IN (@StringToTest) THEN 1
> ELSE 0
> END
>
> Return(@ReturnBit)
>END
>
>In a trigger or a CHECK Constraint there is still the issue of having to check each field for each special character. Can you think of a better, quicker way of doing this, or is this as good as another choice?
--sb--
Previous
Reply
Map
View

Click here to load this message in the networking platform