What does it mean N'some string' in SQL Server. I mean if I can use it to prevent against SQL Injection?
For example:
... LIKE N'%somePattern%'
Is SQL Injection safe ?
Asked
Active
Viewed 170 times
0
-
1It means the string is unicode. It does nothing about sql injection. – Bert Mar 04 '17 at 20:08
-
Out of interest - what made you think it would help prevent (or was in any way related to) SQL injection? – RB. Mar 04 '17 at 20:09
-
also http://stackoverflow.com/questions/10025032/what-is-the-meaning-of-the-prefix-n-in-t-sql-statements – Mark Schultheiss Mar 04 '17 at 20:09
2 Answers
2
The N has nothing to with SQL injection. You need to use it when you use unicode data
From msdn:
Prefix Unicode character string constants with the letter N. Without the N prefix, the string is converted to the default code page of the database. This default code page may not recognize certain characters.
James Z
- 12,209
- 10
- 24
- 44
1
It means the string is an nchar as opposed to a char (see What is the difference between char, nchar, varchar, and nvarchar in SQL Server?)
It's purely about the datatype - nothing to do with SQL injection at all.
-
`nvarchar` as opposed to `varchar` to be precise. String literals are treated as variable length. – Martin Smith Mar 04 '17 at 22:33