Replace chr(13) + chr(10)
Posted: 31/03/2019 05:51:22
Forum: Visual FoxPro
Category: Coding, syntax & commands / Miscellaneous
Thread ID: 01667754
Message ID: 01667771
Views: 43
Aside from the carriage return and linefeed, an apostrophe could similarly cause problems if you're concatenating strings to create a SQL statement.

You could continue to concatenate strings by making sure to pass all values through a function that alters the data strings so that they contain proper "escapes" to allow for proper interpretation. Aside from having to write this function, you're still going to have to alter pretty much all the lines of code where you're concatenating the SQL command strings anyway. At that point it's probably easier to simply parameterize your SQL commands (at least with that you're not left with the question of whether you've covered all the possible situations in that "escaping" function code).

As for the dangers of SQL injection:
https://xkcd.com/327/

>You are right. I will re-write my code to use the parametrized command. I am not concerned about SQL injection. But in this particular procedure it is necessary.
>
>>
>>I'm not sure you will be able to find a workaround.
>>
>>See Message #1026953.
>>
>>Also, as a good practice, parameterizing helps to protect against SQL injection. For upcoming development, you might want to establish a data class which does it all for you. I have not done any direct value assignation for a SQL command in years.
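The point made in this reply, shown as an added example that is not code from the thread: a concatenated INSERT breaks as soon as a value contains an apostrophe, while the parameterized form stores both the apostrophe and an embedded CHR(13)+CHR(10) unchanged. It uses Python's sqlite3 rather than VFP's SQLEXEC, and the `customer` table is an assumed schema.

```python
import sqlite3

# Constructed sample values: an apostrophe and a CR+LF (CHR(13)+CHR(10))
# embedded in ordinary user data.
NOTE_WITH_CRLF = "line one" + chr(13) + chr(10) + "line two"
NAME_WITH_APOSTROPHE = "O'Brien"


def setup_db():
    """In-memory table for the demo (assumed schema, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, note TEXT)")
    return conn


def insert_concatenated(conn, name, note):
    """The 'before' style: build the command by string concatenation.
    Returns True on success, False when the SQL parser rejects the statement."""
    sql = "INSERT INTO customer (name, note) VALUES ('" + name + "', '" + note + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.OperationalError:
        # "O'Brien" terminates the literal early: the rest is a syntax error.
        return False


def insert_parameterized(conn, name, note):
    """The recommended style: placeholders, values passed separately.
    The driver hands the data over out of band, so quotes and line breaks
    are just data and never touch the statement text."""
    conn.execute("INSERT INTO customer (name, note) VALUES (?, ?)", (name, note))
    conn.commit()
    return True


def fetch_note(conn, name):
    row = conn.execute("SELECT note FROM customer WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def demo():
    conn = setup_db()
    return {
        "concat_apostrophe": insert_concatenated(conn, NAME_WITH_APOSTROPHE, "x"),
        "param_apostrophe": insert_parameterized(conn, NAME_WITH_APOSTROPHE, "x"),
        "param_crlf": insert_parameterized(conn, "Smith", NOTE_WITH_CRLF),
        "crlf_roundtrip": fetch_note(conn, "Smith") == NOTE_WITH_CRLF,
    }
```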