I am maintaining a column in a SQL Server database for storing a text file (JSON) with some other fields.

Type: varchar(max). The column can be null sometimes.

A C# application reads some log files which are in JSON format and inserts the file into the database using an insert query. The file is inserted as a string.

My problem is that the JSON file can contain single quote letters in between texts. I have faced this issue and fixed it by escaping the single quote by referring to this question.

My questions are

  1. What are all the validations or escape characters I need to be aware of while sending a file as a string to the database in my C# application?

  2. Is there any better way to maintain a file in the database other than as varchar text?

If any points are not clear for you, please post your concerns in the comments.

I hope code snippets are not needed for this query.

Thanks.

Venkat
  • 3
    base64 encode it or store it as a blob. – Equalsk Nov 17 '17 at 11:11
  • 7
    The contents of the file shouldn't matter one bit when you're trying to insert it. The basic problem here is that you're using **string concatenation** to build the SQL. **DON'T! DO! THIS!** Use parameters, at which point the contents, quotes or not, won't matter and you're not open to SQL injection attacks. – Lasse V. Karlsen Nov 17 '17 at 11:13
  • 2
    If you use *prepared statements* you don't have all those problems. The framework just handles it. – juergen d Nov 17 '17 at 11:18
  • @LasseVågsætherKarlsen : Thanks for sharing the original post, I am somehow unable to find this in my search. – Venkat Nov 17 '17 at 11:40
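
The parameterized insert the comments recommend, as an added example that is not part of the original thread. The table `dbo.LogFiles`, its columns, the file names and the `LOGDB_CONNECTION` environment variable are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LogFileStore
{
    // Hypothetical table: dbo.LogFiles(FileName nvarchar(260), Content varchar(max) NULL)
    // The statement text is a constant; file contents never become part of it.
    const string InsertSql =
        "INSERT INTO dbo.LogFiles (FileName, Content) VALUES (@fileName, @content);";

    public static SqlCommand BuildInsert(SqlConnection conn, string fileName, string json)
    {
        var cmd = new SqlCommand(InsertSql, conn);
        cmd.Parameters.Add("@fileName", SqlDbType.NVarChar, 260).Value = fileName;
        // Size -1 maps to (max). A C# null must be sent as DBNull.Value,
        // otherwise ADO.NET treats the parameter as not supplied.
        cmd.Parameters.Add("@content", SqlDbType.VarChar, -1).Value =
            (object)json ?? DBNull.Value;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample log content containing single quotes; no escaping is applied.
        string json = "{\"user\": \"O'Brien\", \"msg\": \"can't open 'app.log'\"}";

        // Assumption: the connection string is supplied through the environment.
        string cs = Environment.GetEnvironmentVariable("LOGDB_CONNECTION");

        using (var conn = new SqlConnection(cs))
        {
            conn.Open();
            using (var cmd = BuildInsert(conn, "app-2017-11-17.json", json))
                Console.WriteLine(cmd.ExecuteNonQuery() + " row inserted");

            // Nullable column: a missing file body is stored as NULL.
            using (var cmd = BuildInsert(conn, "empty.json", null))
                Console.WriteLine(cmd.ExecuteNonQuery() + " row inserted");
        }
    }
}
```

Because the JSON travels as a typed parameter value, quotes in it are data and need no escaping. If the log files can contain characters outside the column collation's code page, `nvarchar(max)` with `SqlDbType.NVarChar` preserves them where `varchar(max)` may not.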

0 Answers