CodeSmith Community
Your Code. Your Way. Faster!
Forums » .netTiers » Support » Find method treats semi-colon as special character?

Find method treats semi-colon as special character?

Previous | Next
Latest post 02-09-2007 12:20 AM by Crimper. 1 replies.

  • 02-08-2007 1:29 PM

    Find method treats semi-colon as special character?

    Reply |Contact

    I've noticed that the SqlProviders.generated.cs files do something special with a semi-colon, as in:

    if (whereClause.IndexOf(";") > -1)

    return new Tygart.MatchBox.Entities.TList<Trait>();

    So, an empty TList is returned if any part of the WHERE clause (including the data) has a semi-colon in it.

    What is the purpose of that?  A semi-colon is not that unusual in a text string.  Smile

     
    Filed under:
    • Post Points: 35

  • 02-09-2007 12:20 AM In reply to

    • Crimper
    • Top 25 Contributor
    • Joined on 03-03-2005
    • Vancounver, BC Canada
    • Posts 172
    • Points 3,075

    Re: Find method treats semi-colon as special character?

    Reply |Contact
    I think that is a very simple attempt to prevent SQL Injection attacks.
    Phil Bolduc
    Vancouver, BC Canada -------------------------------------------------
    Former member of the .NetTiers team
    2007 MSDN Code Award - Team Developer Award winner
    -------------------------------------------------
    • Post Points: 5
Page 1 of 1 (2 items) | RSS
Copyright © 2008 CodeSmith Tools, LLC
Powered by Community Server (Commercial Edition), by Telligent Systems