SQL command maximum length?

Discussion in 'Databases' started by chriscanali, Jan 20, 2006.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. chriscanali

    chriscanali

    Is there a maximum lengthfor OLEDBSQL commands in Visual Basic? In an application of mine I have a textbox for users to enter in data that I assumed would not be limited by length, but it appears that my SQL command (with the textbox's textpassed in toit)is being truncated when the text is fairly long (multiple sentances). Thanks.
     
    chriscanali, Jan 20, 2006
    #1
  2. mikeymac

    mikeymac

    I'm not aware of any VB limits. Did you receive an error saying something like "data would be truncated"? If so, a field in your table is probably too small to handle one of the items you are trying to insert in the table.
     
    mikeymac, Jan 24, 2006
    #2
  3. Bruce

    Bruce DiscountASP.NET Staff

    I am not aware of any limit on asp.net itself. I ran some long query before and had no problem.

    Did you get any error? If there's a limit (that we do not know of), you would assume ASP.NET would throw an error.

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
    Bruce, Jan 24, 2006
    #3
  4. joelnet

    joelnet

    joelnet, Jan 24, 2006
    #4
  5. chriscanali

    chriscanali

    I think it's okay now, it just so happened that the long text I was testing it with had an apostrophe in it and of coarse that screws up the command. My solution to that was just to check the key entered and if it an apostrophe than cancel it (e.handled = true).
     
    chriscanali, Jan 25, 2006
    #5
  6. Bruce

    Bruce DiscountASP.NET Staff

    yeah.. this is a common problem.

    also try cleaning the string using simple command like this

    strSQLQuery = Replace(strSQLQuery, ''', '''')

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
    Bruce, Jan 25, 2006
    #6
  7. joelnet

    joelnet

    You should always check EVERYTHING being inserted into sql to make sure the ' is escaped. You escape it by inserting '' two.

    Not escaping this single quote will allow your database to be hijacked through sql injection (very very bad).


    Joel Thoms

    DiscountASP.NET
    http://www.DiscountASP.NET
     
    joelnet, Jan 25, 2006
    #7
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page