Solved

Any characters or string not accepted in MS SQL?

Posted on 2011-03-09
10
381 Views
Last Modified: 2012-05-11
Hi,
I have a text (an article in fact) that i want to insert into a column (text). I noticed that with the HTML tag (even with HTMLencode), the text will not be inserted to MS SQL.

However, with just a normal text (with all the HTML tag removed), it's able to be inserted.

Thus my question is that any char, string, text format that is not accepted in MS SQL? So that i can filter out these unacceptable combination prior to inserting.

Thanks.
0
Comment
Question by:tangteng78
  • 4
  • 4
  • 2
10 Comments
 
LVL 23

Expert Comment

by:wdosanjos
Comment Utility
No, SQL Server accepts all characters.  

The issue should be on the code that is inserting the data.  Can you post the code in question?
0
 

Author Comment

by:tangteng78
Comment Utility
Same code is used.

I'd attached to you the 2 different input, one is the HTML text (which is not being inserted) vs the normal text (which work just fine).


HTMLtext.txt
NormalText.txt
0
 
LVL 23

Expert Comment

by:OP_Zaharin
Comment Utility
1-are you using any particular programming to insert the HTML? if you are using ASP, you  have to set ValidateRequest=false on the top of the page_Directive.

2-you can also create a procedure to handle the html codes as shown in another thread: http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_26506114.html
0
 

Author Comment

by:tangteng78
Comment Utility
Hi,
What's the difference then? Coz the same code is able to insert normal text. I'm using asp.net (vb). Still confuse if this is due to the coding.
0
 
LVL 23

Expert Comment

by:wdosanjos
Comment Utility
Please post the asp.net code that inserts the data.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:tangteng78
Comment Utility
There you go.

function that takes in 2 parameters (the strBody variable is the one that takes in the HTML/normal text)
=================================================================================

objDb.insert(strSubject, HttpUtility.HtmlEncode(strBody))

And the class objDB class itself.
===========================
    'Insert new tweets
    Function insert(ByVal strTitle As String, ByVal strBody As String) As Integer

        '-----------------------------------------------------------------------------------------------
        'STORED PROCEDURE - INSERT (NON QUERY)
        '-----------------------------------------------------------------------------------------------
        'Setup and open connection string
        Dim con As New SqlConnection("Data Source=database/table,3181;DATABASE=;User ID=db;Password=db12;Trusted_Connection=False")

        con.Open()

        'Setup dataset and data adapter
        Dim dt As New DataTable
        Dim adp As New SqlDataAdapter

        'Setup stored procedure calls
        Dim cmd As New SqlCommand("isure", con)
        With cmd
            .CommandType = CommandType.StoredProcedure
            .Parameters.AddWithValue("@action", "insert")
            .Parameters("@action").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@id", String.Empty)
            .Parameters("@id").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@title", strTitle)
            .Parameters("@title").Direction = ParameterDirection.Input
            .Parameters.AddWithValue("@body", strBody)
            .Parameters("@body").Direction = ParameterDirection.Input
        End With

        'Run query
        adp.SelectCommand = cmd
        adp.Fill(dt)

        'Close connection
        con.Close()

        'Return the last inserted isure_info_id
        Return CInt(dt(0)(0))

    End Function

And the store procedure.
=====================
ALTER PROCEDURE [dbo].[isure]

      @action AS VARCHAR(50),
      @id AS INTEGER,
      @title AS VARCHAR(max),
      @body as nvarchar(max)
      
AS

DECLARE @NewId varchar(30)

IF @action = 'insert'
BEGIN
      
INSERT m_isure_info (title, body, created_date) VALUES (@title, @body, GETDATE())
SET @NewId=SCOPE_IDENTITY()            /*Get last inserted id*/

END
0
 
LVL 23

Expert Comment

by:wdosanjos
Comment Utility
Your stored proc and ASP.NET look good.  Can you verify that strBody contains a value just before calling objDb.insert?  Also, you said that the HTML value is not inserted. What happens exactly?  Does the code throws an exception, inserts nulls, or else?
0
 

Author Comment

by:tangteng78
Comment Utility
Yes, the strBody does contain the value prior to the store procedure.And it doesn't throw any error, it seems that it inserted a null.
0
 
LVL 23

Expert Comment

by:wdosanjos
Comment Utility
What tool do you use to query the database to verify that the data is not there?

Please run the following select.

     select title, len(body), created_date, body from m_isure_info

I'm suspecting that your db tool cannot display the html data due to its size.
0
 
LVL 23

Accepted Solution

by:
OP_Zaharin earned 500 total points
Comment Utility
have you try other datatype than nvarchar? try ntext maybe?
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Introduction: When running hybrid database environments, you often need to query some data from a remote db of any type, while being connected to your MS SQL Server database. Problems start when you try to combine that with some "user input" pass…
Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now