[thelist] merging a dictionary to sql table

Joshua Olson joshua at waetech.com
Wed Nov 16 07:30:01 CST 2005


> -----Original Message-----
> From: Alex Beston
> Sent: Wednesday, November 16, 2005 2:05 AM
>
> when it gets to abbey's it doesn't like that ' in the keyword. I take it 
> I would escape it with a \ or even better remove all that have an 
> apostrophe, since what sort of dictionary should have apostrophed words?

Hi Alex,

What about words with clitics, or double clitics, such as shouldn't've or
wouldn't've?  Certainly those words are unique enough to be listed in the
dictionary.  :-)

In regard to where to fix the system in this case: I would suggest that, as
a best practice, a coder get in the habit of running strings through an
escaping function if he or she plans on including the string within a SQL
query.  Such a practice will harden the code against many forms of SQL
injection and will avoid time lost while troubleshooting issues such as the
one encountered here.

<><><><><><><><><><>
Joshua L. Olson
WAE Tech Inc.
http://www.waetech.com/
Phone: 706.210.0168 
Fax: 413.812.4864

Monitor bandwidth usage on IIS6 in real-time:
http://www.waetech.com/services/iisbm/
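
The escaping advice above applied to a dictionary load, as an added example that is not part of the original message. It assumes Python's sqlite3 module, a hypothetical `dictionary` table with a `keyword` column, and a constructed word list; it also shows bound parameters, a different technique from the escaping function the reply recommends.

```python
import sqlite3

# Constructed sample word list; includes the apostrophe cases from the thread.
WORDS = ["abbey", "abbey's", "shouldn't've", "wouldn't've", "abbey"]

INSERT = "INSERT OR IGNORE INTO dictionary (keyword) VALUES "


def escape_sql_literal(value: str) -> str:
    """Escape text for a single-quoted SQL literal by doubling each quote.

    Standard SQL (and SQLite) write a literal apostrophe as ''. Backslash
    escaping is dialect-specific and is not assumed here.
    """
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with the hypothetical dictionary table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dictionary (keyword TEXT PRIMARY KEY)")
    return conn


def merge_naive(conn, words):
    """Unescaped concatenation: the statement breaks at the first apostrophe."""
    for w in words:
        conn.execute(INSERT + "('" + w + "')")


def merge_escaped(conn, words):
    """Concatenation with every value passed through the escaping function."""
    for w in words:
        conn.execute(INSERT + "('" + escape_sql_literal(w) + "')")


def merge_parameterized(conn, words):
    """Bound parameters: the driver keeps data separate from the SQL text."""
    conn.executemany(INSERT + "(?)", [(w,) for w in words])


def stored(conn):
    """Return the stored keywords in sorted order."""
    rows = conn.execute("SELECT keyword FROM dictionary ORDER BY keyword")
    return [r[0] for r in rows]
```

`INSERT OR IGNORE` is SQLite's way of skipping a keyword that is already present; other databases spell the merge differently.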





