tangteng78
asked on
Any characters or string not accepted in MS SQL?
Hi,
I have a text (an article in fact) that i want to insert into a column (text). I noticed that with the HTML tag (even with HTMLencode), the text will not be inserted to MS SQL.
However, with just a normal text (with all the HTML tag removed), it's able to be inserted.
Thus my question is that any char, string, text format that is not accepted in MS SQL? So that i can filter out these unacceptable combination prior to inserting.
Thanks.
I have a text (an article in fact) that i want to insert into a column (text). I noticed that with the HTML tag (even with HTMLencode), the text will not be inserted to MS SQL.
However, with just a normal text (with all the HTML tag removed), it's able to be inserted.
Thus my question is that any char, string, text format that is not accepted in MS SQL? So that i can filter out these unacceptable combination prior to inserting.
Thanks.
ASKER
Same code is used.
I'd attached to you the 2 different input, one is the HTML text (which is not being inserted) vs the normal text (which work just fine).
HTMLtext.txt
NormalText.txt
I'd attached to you the 2 different input, one is the HTML text (which is not being inserted) vs the normal text (which work just fine).
HTMLtext.txt
NormalText.txt
1-are you using any particular programming to insert the HTML? if you are using ASP, you have to set ValidateRequest=false on the top of the page_Directive.
2-you can also create a procedure to handle the html codes as shown in another thread: https://www.experts-exchange.com/questions/26506114/How-do-I-insert-HTML-encoded-tags-into-SQLServer-table.html
2-you can also create a procedure to handle the html codes as shown in another thread: https://www.experts-exchange.com/questions/26506114/How-do-I-insert-HTML-encoded-tags-into-SQLServer-table.html
ASKER
Hi,
What's the difference then? Coz the same code is able to insert normal text. I'm using asp.net (vb). Still confuse if this is due to the coding.
What's the difference then? Coz the same code is able to insert normal text. I'm using asp.net (vb). Still confuse if this is due to the coding.
Please post the asp.net code that inserts the data.
ASKER
There you go.
function that takes in 2 parameters (the strBody variable is the one that takes in the HTML/normal text)
========================== ========== ========== ========== ========== ========== =====
objDb.insert(strSubject, HttpUtility.HtmlEncode(str Body))
And the class objDB class itself.
========================== =
'Insert new tweets
Function insert(ByVal strTitle As String, ByVal strBody As String) As Integer
'------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
'STORED PROCEDURE - INSERT (NON QUERY)
'------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
'Setup and open connection string
Dim con As New SqlConnection("Data Source=database/table,3181 ;DATABASE= ;User ID=db;Password=db12;Truste d_Connecti on=False")
con.Open()
'Setup dataset and data adapter
Dim dt As New DataTable
Dim adp As New SqlDataAdapter
'Setup stored procedure calls
Dim cmd As New SqlCommand("isure", con)
With cmd
.CommandType = CommandType.StoredProcedur e
.Parameters.AddWithValue(" @action", "insert")
.Parameters("@action").Dir ection = ParameterDirection.Input
.Parameters.AddWithValue(" @id", String.Empty)
.Parameters("@id").Directi on = ParameterDirection.Input
.Parameters.AddWithValue(" @title", strTitle)
.Parameters("@title").Dire ction = ParameterDirection.Input
.Parameters.AddWithValue(" @body", strBody)
.Parameters("@body").Direc tion = ParameterDirection.Input
End With
'Run query
adp.SelectCommand = cmd
adp.Fill(dt)
'Close connection
con.Close()
'Return the last inserted isure_info_id
Return CInt(dt(0)(0))
End Function
And the store procedure.
=====================
ALTER PROCEDURE [dbo].[isure]
@action AS VARCHAR(50),
@id AS INTEGER,
@title AS VARCHAR(max),
@body as nvarchar(max)
AS
DECLARE @NewId varchar(30)
IF @action = 'insert'
BEGIN
INSERT m_isure_info (title, body, created_date) VALUES (@title, @body, GETDATE())
SET @NewId=SCOPE_IDENTITY() /*Get last inserted id*/
END
function that takes in 2 parameters (the strBody variable is the one that takes in the HTML/normal text)
==========================
objDb.insert(strSubject, HttpUtility.HtmlEncode(str
And the class objDB class itself.
==========================
'Insert new tweets
Function insert(ByVal strTitle As String, ByVal strBody As String) As Integer
'-------------------------
'STORED PROCEDURE - INSERT (NON QUERY)
'-------------------------
'Setup and open connection string
Dim con As New SqlConnection("Data Source=database/table,3181
con.Open()
'Setup dataset and data adapter
Dim dt As New DataTable
Dim adp As New SqlDataAdapter
'Setup stored procedure calls
Dim cmd As New SqlCommand("isure", con)
With cmd
.CommandType = CommandType.StoredProcedur
.Parameters.AddWithValue("
.Parameters("@action").Dir
.Parameters.AddWithValue("
.Parameters("@id").Directi
.Parameters.AddWithValue("
.Parameters("@title").Dire
.Parameters.AddWithValue("
.Parameters("@body").Direc
End With
'Run query
adp.SelectCommand = cmd
adp.Fill(dt)
'Close connection
con.Close()
'Return the last inserted isure_info_id
Return CInt(dt(0)(0))
End Function
And the store procedure.
=====================
ALTER PROCEDURE [dbo].[isure]
@action AS VARCHAR(50),
@id AS INTEGER,
@title AS VARCHAR(max),
@body as nvarchar(max)
AS
DECLARE @NewId varchar(30)
IF @action = 'insert'
BEGIN
INSERT m_isure_info (title, body, created_date) VALUES (@title, @body, GETDATE())
SET @NewId=SCOPE_IDENTITY() /*Get last inserted id*/
END
Your stored proc and ASP.NET look good. Can you verify that strBody contains a value just before calling objDb.insert? Also, you said that the HTML value is not inserted. What happens exactly? Does the code throws an exception, inserts nulls, or else?
ASKER
Yes, the strBody does contain the value prior to the store procedure.And it doesn't throw any error, it seems that it inserted a null.
What tool do you use to query the database to verify that the data is not there?
Please run the following select.
select title, len(body), created_date, body from m_isure_info
I'm suspecting that your db tool cannot display the html data due to its size.
Please run the following select.
select title, len(body), created_date, body from m_isure_info
I'm suspecting that your db tool cannot display the html data due to its size.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The issue should be on the code that is inserting the data. Can you post the code in question?