www.webdeveloper.com
Results 1 to 4 of 4

Thread: HELP - Constraints on text data type

  1. #1
    Join Date
    May 2008
    Posts
    10

    HELP - Constraints on text data type

    In response to a SQL injection attack, I have a product description field that I would like to add a constraint to.

    EMS tells me I cannot do this as the field is of the text data type and not varchar. The field needs to be able to handle over 8000 characters, hence the text data type.

    Is there any way I can make sure that data entered into that field does not contain the string 'script'?

    For varchars I have the following constraint:

    not [FieldName] like '%script%'

  2. #2
    Join Date
    Aug 2005
    Location
    The Garden State
    Posts
    5,634
    what if you use a trigger on the table?

  3. #3
    Join Date
    May 2008
    Posts
    10
    Hi - I have a sprinkling of knowledge about SQL, constraints I've just found out about and triggers I am completely in the dark about.

    I have noticed that tab in the EMS programme I use but don't know what it is for. I will read up, but if you can give me a clue how it might help that would be rather decent of you.

    Thanks!

  4. #4
    Join Date
    Aug 2005
    Location
    The Garden State
    Posts
    5,634
    triggers are sql code that can be executed whenever you an insert/update/delete, provided your DBMS supports it (read the sticky!) you could use it to clear or return an error when the value of certain columns contains this script.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles