In response to a SQL injection attack, I have a product description field that I would like to add a constraint to.

EMS tells me I cannot do this as the field is of the text data type and not varchar. The field needs to be able to handle over 8000 characters, hence the text data type.

Is there any way I can make sure that data entered into that field does not contain the string 'script'?

For varchars I have the following constraint:

not [FieldName] like '%script%'

what if you use a trigger on the table?

Hi - I have a sprinkling of knowledge about SQL, constraints I've just found out about and triggers I am completely in the dark about.

I have noticed that tab in the EMS programme I use but don't know what it is for. I will read up, but if you can give me a clue how it might help that would be rather decent of you.

Thanks!

triggers are sql code that can be executed whenever you an insert/update/delete, provided your DBMS supports it (read the sticky!) you could use it to clear or return an error when the value of certain columns contains this script.