Any characters or string not accepted in MS SQL?

Posted on 2011-03-09
Last Modified: 2012-05-11
I have a text (an article in fact) that i want to insert into a column (text). I noticed that with the HTML tag (even with HTMLencode), the text will not be inserted to MS SQL.

However, with just a normal text (with all the HTML tag removed), it's able to be inserted.

Thus my question is that any char, string, text format that is not accepted in MS SQL? So that i can filter out these unacceptable combination prior to inserting.

Question by:tangteng78
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
LVL 23

Expert Comment

ID: 35091110
No, SQL Server accepts all characters.  

The issue should be on the code that is inserting the data.  Can you post the code in question?

Author Comment

ID: 35091932
Same code is used.

I'd attached to you the 2 different input, one is the HTML text (which is not being inserted) vs the normal text (which work just fine).

LVL 23

Expert Comment

ID: 35092312
1-are you using any particular programming to insert the HTML? if you are using ASP, you  have to set ValidateRequest=false on the top of the page_Directive.

2-you can also create a procedure to handle the html codes as shown in another thread:
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 35094307
What's the difference then? Coz the same code is able to insert normal text. I'm using (vb). Still confuse if this is due to the coding.
LVL 23

Expert Comment

ID: 35094408
Please post the code that inserts the data.

Author Comment

ID: 35103213
There you go.

function that takes in 2 parameters (the strBody variable is the one that takes in the HTML/normal text)

objDb.insert(strSubject, HttpUtility.HtmlEncode(strBody))

And the class objDB class itself.
    'Insert new tweets
    Function insert(ByVal strTitle As String, ByVal strBody As String) As Integer

        'Setup and open connection string
        Dim con As New SqlConnection("Data Source=database/table,3181;DATABASE=;User ID=db;Password=db12;Trusted_Connection=False")


        'Setup dataset and data adapter
        Dim dt As New DataTable
        Dim adp As New SqlDataAdapter

        'Setup stored procedure calls
        Dim cmd As New SqlCommand("isure", con)
        With cmd
            .CommandType = CommandType.StoredProcedure
            .Parameters.AddWithValue("@action", "insert")
            .Parameters("@action").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@id", String.Empty)
            .Parameters("@id").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@title", strTitle)
            .Parameters("@title").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@body", strBody)
            .Parameters("@body").Direction = ParameterDirection.Input
        End With

        'Run query
        adp.SelectCommand = cmd

        'Close connection

        'Return the last inserted isure_info_id
        Return CInt(dt(0)(0))

    End Function

And the store procedure.
ALTER PROCEDURE [dbo].[isure]

      @action AS VARCHAR(50),
      @id AS INTEGER,
      @title AS VARCHAR(max),
      @body as nvarchar(max)

DECLARE @NewId varchar(30)

IF @action = 'insert'
INSERT m_isure_info (title, body, created_date) VALUES (@title, @body, GETDATE())
SET @NewId=SCOPE_IDENTITY()            /*Get last inserted id*/

LVL 23

Expert Comment

ID: 35103514
Your stored proc and ASP.NET look good.  Can you verify that strBody contains a value just before calling objDb.insert?  Also, you said that the HTML value is not inserted. What happens exactly?  Does the code throws an exception, inserts nulls, or else?

Author Comment

ID: 35103877
Yes, the strBody does contain the value prior to the store procedure.And it doesn't throw any error, it seems that it inserted a null.
LVL 23

Expert Comment

ID: 35104858
What tool do you use to query the database to verify that the data is not there?

Please run the following select.

     select title, len(body), created_date, body from m_isure_info

I'm suspecting that your db tool cannot display the html data due to its size.
LVL 23

Accepted Solution

OP_Zaharin earned 500 total points
ID: 35135340
have you try other datatype than nvarchar? try ntext maybe?

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Are triggers slow? 7 28
MS SQL Server select from Sub Table 14 49
Replication failure 1 31
What Is an Error? 2 58
INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question