Best method to disallow special characters

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Best method to disallow special characters

Message

04/10/2005 12:36:15

Sergey Berezniker
New York, États-Unis

04/10/2005 12:22:06

Rollin Burr
SAIC
Stafford, Virginie, États-Unis

Information générale

Forum:

Microsoft SQL Server

Catégorie:

Sécurité

Titre:

Re: Best method to disallow special characters

Divers

Thread ID:

01055902

Message ID:

01055936

Vues:

You have to check for each "bad" character but code can be shorter. Something like

DECLARE @BadCharList varchar(32), @I INT, @BadCharFound int, @StringToTest varchar(50)

SET @StringToTest = 'CHECK Constraint )'

SET @BadCharList = '!@#$%^&*()'
SET @BadCharFound = 0
SET @i=1

WHILE @i <= DATALENGTH(@BadCharList) AND @BadCharFound = 0 BEGIN
	SET @BadCharFound = CHARINDEX( SUBSTRING(@BadCharList, @I, 1), @StringToTest) 
	SET @i = @i + 1
END	

PRINT @BadCharFound

>The function would allow the code to be reused over several tables or even databases. It could be used in triggers.
>
>CREATE FUNCTION HasSpecChar (@StringToTest VARCHAR(5000))
>RETURNS BIT AS
>BEGIN
> DECLARE @ReturnBit BIT
> SET @ReturnBit =
> CASE WHEN '~' IN (@StringToTest) THEN 1
> WHEN '!' IN (@StringToTest) THEN 1
> .
> .
> .
> WHEN '?' IN (@StringToTest) THEN 1
> WHEN '/' IN (@StringToTest) THEN 1
> ELSE 0
> END
>
> Return(@ReturnBit)
>END
>
>In a trigger or a CHECK Constraint there is still the issue of having to check each field for each special character. Can you think of a better, quicker way of doing this, or is this as good as another choice?

--sb--

Répondre

Fil

Voir

Click here to load this message in the networking platform