Ado.Net and Unicode (N')

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

So, we're converting a large ASP.Net application from ASCII only to Unicode.
The only issue we've run into, on SQL Server, is the N prefix for literals.

We create all our Sql statements dynamically, and most of the time we do not
(yet) use bind variables, we just construct the Sqls.

So the questions is: Is it possible to add the N prefix "automagically"
somehow? I guess the answer is; No, unless you use bind variables
(Parameters). If so; how would I make this happen?
 
Jarle said:
So, we're converting a large ASP.Net application from ASCII only to
Unicode. The only issue we've run into, on SQL Server, is the N
prefix for literals.

We create all our Sql statements dynamically, and most of the time we
do not (yet) use bind variables, we just construct the Sqls.

So the questions is: Is it possible to add the N prefix
"automagically" somehow? I guess the answer is; No, unless you use
bind variables (Parameters). If so; how would I make this happen?
Click to expand...

Well, you can concat it in of course, when you have to concat in a
string value.

Though I'd indeed move to parameters, as it's the only way to doing
proper dyn. sql: your queries will be faster (as the execution plans
will be re-used) and they'll be secure (as no longer Sql injection
attacks are possible)

FB

--
------------------------------------------------------------------------
Lead developer of LLBLGen Pro, the productive O/R mapper for .NET
LLBLGen Pro website: http://www.llblgen.com
My .NET blog: http://weblogs.asp.net/fbouma
Microsoft MVP (C#)
------------------------------------------------------------------------
 
Frans Bouma said:
Well, you can concat it in of course, when you have to concat in a
string value.

Though I'd indeed move to parameters, as it's the only way to doing
proper dyn. sql: your queries will be faster (as the execution plans
will be re-used) and they'll be secure (as no longer Sql injection
attacks are possible)
Click to expand...

As I feared/assumed then. I'm all for parameters, but my project manager
might not get the funding we need to to this... But thanx for the answer
anyways!

Cheers,
 
Jarle said:
As I feared/assumed then. I'm all for parameters, but my project
manager might not get the funding we need to to this... But thanx for
the answer anyways!
Click to expand...

erm... so you won't be allowed to fix a potential security hole in the
code because of funding? How can someone possibly deny funding for
fixing security issues...

FB

--
------------------------------------------------------------------------
Lead developer of LLBLGen Pro, the productive O/R mapper for .NET
LLBLGen Pro website: http://www.llblgen.com
My .NET blog: http://weblogs.asp.net/fbouma
Microsoft MVP (C#)
------------------------------------------------------------------------
 
erm... so you won't be allowed to fix a potential security hole in the
code because of funding? How can someone possibly deny funding for
fixing security issues...
Click to expand...

Because sometimes it's more important to survive than to actually code 100%
correct... I'm working on proving that this is a security hole and then we
might get the funding we need, but for now it's more important to actually
deliver (and thus make some money) than to fix stuff that might be a security
hole...
 
Back
Top