tags:

views:

123

answers:

5
+1  Q: 

Best approach to remove special characters using ColdFusion and Microsoft SQL?

I want to remove all special characters (",/{}etc.) from an input field being saved as a string to the DB.

What is the best approach?

Should this check be tackled with JS, ColdFusion or Microsoft SQL - Maybe all three?

How would I go about coding this using ColdFusion or Microsoft SQL?

+3  A: 

Are you sure you want to blacklist only those characters? Usually a much safer approach is to whitelist only the acceptable characters.

If you want to ensure your data is kept pure, the safest place to do this is at source, using an INSERT/UPDATE trigger.

You could write a UDF that does this in T-SQL, or for best performance, implement it as a CLR function using C# or similar.

Doing this only in SQL could cause validation issues, though. E.g., if the user has only entered invalid characters on a required field, they essentially have given you no input, so your GUI will likely need to throw a validation error. So, best to have validation checks for usability in your front-end, and triggers for data integrity on the back end.

RedFilter  2010-09-28 19:24:50
+2  A: 
Al Everett  2010-09-28 19:25:00
How would I go about also leaving the spaces in the string?
Alex  2010-09-28 19:40:49
Add it as a valid character. I've changed my answer to allow the use of the space character.
Al Everett  2010-09-28 20:14:47
Why leave out punctuations?
Henry  2010-09-28 20:39:40
+2  A: 

Use a regular expression in Coldfusion

<cfset cleanInput = rereplace(form.input,"[^A-Za-z0-9]","","all") />

This says replace any character that is not A through Z or a through z or 0 through 9 with nothing and do it for everyone encountered.

Jason Tabler  2010-09-28 19:25:13
As for "when to do it":Javascript: When you need the user to know for a convenienceApplication Server: Always for validation and you can request correctionsDB Level: Depends on your organization's policy, but is really just extra, extra. It's easier to give feedback at the application level.
Jason Tabler  2010-09-28 19:27:46
+1  A: 

Remove it on the app layer (i.e. CF) makes most sense.

Maybe you'll find this useful:

http://demo.bryantwebconsulting.com/datamgr/word.cfm

Henry  2010-09-28 19:32:47
+1  A: 

For UI, You should check out JQuery Masked input.

http://digitalbush.com/projects/masked-input-plugin/

http://plugins.jquery.com/project/maskedinput

Vikas  2010-09-29 04:26:11

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP