KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q158729: Characters Converted by Httpodbc.dll

Article: Q158729
Product(s): Internet Information Server
Version(s): 2.0
Operating System(s): 
Keyword(s): 
Last Modified: 22-FEB-2002

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Internet Information Server version 2.0 
-------------------------------------------------------------------------------

SUMMARY
=======

Certain characters are converted when you pass them into the Internet Database
Connector (IDC) mechanism (Httpodbc.dll).

MORE INFORMATION
================

The Internet Database Connector makes the following conversions on characters
when it passes from an HTML form into the IDC file.

The following can cause a problem when you try to pass portions of a Microsoft
SQL Server statement into an IDC file. It is not recommended to pass entire
portions of a SQL statement in via parameters. Due to malicious users
potentially being able to specify rogue SQL parameters alter intended
application usage.

- Double all single quotes to prevent SQL quoting problem.

- Remove escaped '\n's.

- Replace all '&' parameter delimiters with real '\n'.


Additional query words:

======================================================================
Keywords          :  
Technology        : kbiisSearch kbiis200
Version           : :2.0

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.