0

I have a question about storing special characters (umlauts, german characters, etc) in the profile tables in SQL with asp.net.

We feed this information into another database with form submissions, and we found that when these fields reached the end database, some characters like ö or ä, etc were coming in as their ascii codes like ä and ö.

I looked back into the aspnet_Profile table and looked for the source data and found that the characters had been stored that way in the database.

My question is. Is there a way to store these characters as ö or ä in sql server, or do I need to encode/decode (which?) when I pull them out of the profile to show on the webpage and insert into the end database (which is Oracle and can handle these characters).

if i have to encode/decode each field from the profile table, do i do it when i submit the data to the profile? or when i retrieve the data form the profile for the website/record insert to Oracle?

sorry if it's a newbie question, but i am a newbie!

4

1 回答 1

0

问题是如果您直接构建 SQL 而不是使用参数来传递值。

如果您构建一个 INSERT 语句,例如:

string cmd = string.Format("INSERT INTO FOO (col) VALUES ({0})", value);

Oracle 可能没有意识到您正在传递一个 Unicode 字符串并将其转义。这也让您对潜在的 SQL 注入黑客持开放态度,但这是另一回事。

您需要为传递到数据库的任何值使用参数。例如:

using (var conn = new OracleConnection(connectionString)) {
    using (var command = new OracleCommand("INSERT INTO FOO (col) VALUES (?)")) {
        command.Connection = conn;
        command.Parameters.AddWithValue("?", value);
        command.ExecuteNonQuery();
    }
}
于 2012-12-05T21:47:41.347 回答