Why escaping quote doesn't work with my webservice?
I access to my webservice like that:
- http://localhost/SuiPService/SuiPDataService.svc/GetShowCodeFiltered?&showName='auto'
It works fine, but when I try:
- http://localhost/SuiPService/SuiPDataService.svc/GetShowCodeFiltered?&showName='auto''
it failed, ok this I understand, but if I encode the url like that:
- http://localhost/SuiPService/SuiPDataService.svc/GetShowCodeFiltered?&showName='auto%27'
I get the error Bad Re开发者_C百科quest - Error in query syntax. too
What is the solution?
The reason it's failing is because %27 is equal to '.
Everything is encoded before being sent to the web server, even if the URL box doesn't say so.
This will become hard to maintain and possibly confuse your users. I'd change it so you aren't padding the variable with ' and that way you can use http://localhost/SuiPService/SuiPDataService.svc/GetShowCodeFiltered?&showName=auto' if you need to have a ' after it.
Also, if you need the '' around auto. Consider doing this on the server side.
It looks like your using this to build an SQL query...
See here for the reason PHP deprecated it for that exact reason: http://en.wikipedia.org/wiki/Magic_quotes
Hope this helps,
Jeffrey Kevin Pry
精彩评论