problem while inserting email address
9 views
Skip to first unread message
Mario
Jul 2, 2008, 8:18:00 AM7/2/08
to H2Sharp
1st sorry for my english :-)
Problem: While inserting a text with "@" character into database, the
H2Sharp throw "missing parameter" exception
...
H2Command command = conn.CreateCommand();
command.CommandText = "INSERT INTO
addressbook(id_adr,name_adr,email_adr) VALUES (1,'Mario',
'ma...@g.com')";
command.ExecuteNonQuery(); //throw exception "missing parameter"
...
id_adr is BIGINT
name_adr and email_adr are VARCHAR(50)
Is there some special escaping in H2Sharp wrapper?
Problem: While inserting a text with "@" character into database, the
H2Sharp throw "missing parameter" exception
...
H2Command command = conn.CreateCommand();
command.CommandText = "INSERT INTO
addressbook(id_adr,name_adr,email_adr) VALUES (1,'Mario',
'ma...@g.com')";
command.ExecuteNonQuery(); //throw exception "missing parameter"
...
id_adr is BIGINT
name_adr and email_adr are VARCHAR(50)
Is there some special escaping in H2Sharp wrapper?
JonoPorter
Jul 3, 2008, 6:38:54 PM7/3/08
to H2Sharp
This was a bug and I have just posted a new version that fixes this,
but you should really consider using Parameterized Statements. They
get rid of the chance of SQL injection. And would have got rid of
this error.
but you should really consider using Parameterized Statements. They
get rid of the chance of SQL injection. And would have got rid of
this error.
Mario
Jul 4, 2008, 3:30:10 AM7/4/08
to H2Sharp
Thanks a lot. The new version works great. And thanks for advice with
using Parameterized Statements as well. Now, I needn’t escape
dangerous characters.
using Parameterized Statements as well. Now, I needn’t escape
dangerous characters.
Reply all
Reply to author
Forward
0 new messages