This is the error I got in ASP.NET, C#.NET, SQL Server 2005:
Incorrect syntax near 's'. Incorrect syntax near the keyword 'with'. If this statement is a common table expression or an xmlnamespaces clause, the previous statement must be terminated with a semicolon. An expression of non-boolean type specified in a context where a condition is expected, near 'high'. The label 'align' has already been declared. Label names must be unique within a query batch or stored procedure. The label 'http' has already been declared. Label names must be unique within a query batch or stored procedure. The label 'color' has already been declared. Label names must be unique within a query batch or stored procedure. The identifier that starts with 'http://maps.google.com/maps?f=q&sll=37.283253,-121.886050&view=text&hl=en&q=225+North+Jackson+Avenue,+san+jose,+' is too long. Maximum length is 128. The identifier that starts with 'http://maps.google.com/maps?f=q&sll=37.283253,-121.886050&view=text&hl=en&q=225+North+Jackson+Avenue,+san+jose,+' is too long. Maximum length is 128. Unclosed quotation mark after the character string ')'.
I'm inserting the following value using FCKEDITOR:
As the Silicon Valley continues to change and grow, so does Regional Medical Center of San Jose. With an employed staff of 1,400 and a medical staff of more than 500 professionals specializing in 21 fields of medicine, dentistry and podiatry, Regional offers world-class healthcare to residents throughout the greater San Jose community.
Since 1965, Regional has been an essential part of Santa Clara County's public and private health care networks. With a licensed bed capacity of 204 on a spacious campus at Jackson and McKee, Regional is an acute-care hospital that offers a comprehensive array of inpatient and outpatient services. Our six Centers of Excellence include Emergency and Trauma, Cardiovascular, Women and Children’s Health, Neurosciences, Cancer Care and Medical/Surgical Services. Each specialized area focuses on advancing the science of medicine while providing high quality and safe patient care.
In October 2005, Regional broke ground on a $160-million expansion effort that will result in the addition of several new facilities to the hospitals campus, in addition to vital upgrades to existing hospital services. We are looking forward to providing our patients, physicians, nurses and support staff a new and improved state-of-the-art facility. For details on Regional’s Expansion 2008 efforts click here.
Regional is an affiliate of HCA, the nation’s leading provider of healthcare services, composed of approximately 180 hospitals and 91 outpatient surgery centers in 23 states, England and Switzerland.
Address:
225 North Jackson Avenue
San Jose, CA 95116
Telephone: (408) 259-5000
and one value from another text box. But it works well for values other than the one above.
Thank you in advance.
Re: Getting error when storing in sql server
Thanks again,
Re: Getting error when storing in sql server
Your issue is a Microsoft issue, not FCKEditor's. You will need to post-process the request variable from FCKEditor to replace any apostrophes with double apostrophes, e.g. fcktxt = replace(request("fcktxt"),"'","''") before saving to SQL Server.
Hope that helps
Re: Getting error when storing in sql server
It's not a Microsoft issue - one has to encode data properly when talking to the database. See here for more info:
http://en.wikipedia.org/wiki/SQL_injection
http://msdn.microsoft.com/en-us/library/ms161953.aspx
Re: Getting error when storing in sql server
But will you please tell me the code?
How can I do it?
I'm using the following code to store it:
Thanks again.
Re: Getting error when storing in sql server
As for SQL injection, use parameter binding instead of string concatenation.
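
The parameter binding suggested in the last reply, shown next to the concatenated statement that produces the errors in the question. This is an added example, not code from any poster in the thread; the table Pages, its columns Title and Body, and the class and method names are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class PageStore
{
    // Hypothetical table: Pages(Title nvarchar(200), Body nvarchar(max)).

    // Pattern that fails: the editor HTML is pasted into the statement text,
    // so the apostrophe in "County's" closes the string literal and the rest
    // of the page is parsed as T-SQL (labels, identifiers, keywords).
    public static string BuildConcatenated(string title, string html)
    {
        return "INSERT INTO Pages (Title, Body) VALUES ('" + title + "', '" + html + "')";
    }

    // Parameter binding: the statement text is constant and the values travel
    // separately, so quotes, URLs and markup in the HTML are stored as data.
    public static int Save(string connectionString, string title, string html)
    {
        const string sql = "INSERT INTO Pages (Title, Body) VALUES (@title, @body)";
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@title", SqlDbType.NVarChar, 200).Value = title;
            // Size -1 maps to nvarchar(max), available from SQL Server 2005.
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value = html;
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }

    public static void Main(string[] args)
    {
        // Constructed sample input modelled on the text in the question.
        string title = "About Regional";
        string html = "<p>Santa Clara County's public and private health care networks.</p>";

        // No database needed to see the problem: the literal ends after "County".
        Console.WriteLine(BuildConcatenated(title, html));

        // Pass a connection string as the first argument to run the insert.
        if (args.Length > 0)
            Console.WriteLine(Save(args[0], title, html) + " row(s) inserted");
    }
}
```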