extra characters on string

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

bbdobuddy - 12 Sep 2007 17:40 GMT

Hi,

I am retrieving data from a binary field from a sql table and I am having a
problem with extra characters being tacked onto the end. The thePass
variable has some unknown spaces after it but I can't seem to trim them. Any
help would be appreciated.

Thanks

Here is the sql statement I am using

SELECT CAST(password AS VARCHAR(50)) AS thePass FROM " + Session["dbOwner"]
+ "tblpassword WHERE USERNAME = '" + userName + "'"

Reply to this Message

Alberto Poblacion - 12 Sep 2007 17:51 GMT

> I am retrieving data from a binary field from a sql table and I am having
> a
[quoted text clipped - 8 lines]
> Session["dbOwner"]
> + "tblpassword WHERE USERNAME = '" + userName + "'"

What is the original type of the column "password"? Since you are casting
it to varchar, I assume that it was not originally a varchar. Maybe the type
of conversion that is taking place can give us a hint as to why additional
characters are appearing.

On a different note, be aware that this statement suffers a risk of
being subject to a sql injection. If the user, when entering the userName,
typed (for example) something like "';drop table tblpassword--", you would
be in trouble.

Reply to this Message

Ignacio Machin ( .NET/ C# MVP ) - 12 Sep 2007 18:16 GMT

Hi,

> Hi,
>
[quoted text clipped - 4 lines]
> Any
> help would be appreciated.

Why are you casting it as varchar?
What does the original column hold? , In what format?

> Thanks
>
[quoted text clipped - 3 lines]
> Session["dbOwner"]
> + "tblpassword WHERE USERNAME = '" + userName + "'"

Reply to this Message

extra characters on string

Free Magazines