Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)

From: Smith, Eric V. (EricSmithat_private)
Date: Wed Feb 09 2000 - 03:35:46 PST


Not true, at least for the case of MS SQL Server 7.  The following
statement:

insert into customer (name, primary_contact)
values ('a', '4')

succeeds where primary_contact is of type int (I also tried numeric just to
be sure).  I write code like this all of the time when I know the column
names but not their types.

Did you actually try this yourself before posting?  What results did you
observe?

Eric.

> -----Original Message-----
> From: Jeremy Whittington [mailto:jwhittat_private]
> Sent: Tuesday, February 08, 2000 10:52 AM
> To: BUGTRAQat_private
> Subject: Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
>
> Hello,
>
> I would like to make a comment on your statement about SQL syntax and how
> you deal with numeric values.
>
> > If you're stating that you cannot enclose your numeric values in single
> > quotes in SQL query strings, it seems to be incorrect. I'm also using SQL
> > as my backend, and I've ALWAYS enclosed numbers in single quotes, and it
> > has always worked.
>
> When inserting data into a Numeric datatype you do not use single quotes
> around the values.
>
> If Field2 was a Numeric datatype in this example it would fail on MS SQL
> Server 6.5, 7.0, MS Access 97/2k, Oracle 6i+, and Dbase.
> INSERT INTO Table (Field1, Field2) Values('String','1')
>
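An added example (not part of the thread) that reproduces the observation above with SQLite standing in for SQL Server, since SQL Server is not available offline: SQLite's INTEGER column affinity converts the quoted literal '4' to the integer 4, and it does the same for a bound parameter, so the conversion is a property of the column, not of the quotes. The table name, columns and sample rows are constructed for this illustration; the parameterised insert shows the approach that sidesteps the quoting question entirely, because the driver binds each value and user-supplied text can never alter the statement.

```python
import sqlite3

# Constructed stand-in schema: primary_contact is an integer column, as in
# Eric's test. SQLite, not SQL Server, so behaviour is SQLite's affinity rule.
SCHEMA = """
CREATE TABLE customer (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    primary_contact INTEGER
)
"""


def fresh_db():
    """In-memory database with the constructed schema applied."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_quoted_literal(conn):
    """Eric's statement verbatim: the numeric value is wrapped in quotes.
    Returns (stored value, storage class) so the conversion is visible."""
    conn.execute("insert into customer (name, primary_contact) values ('a', '4')")
    return conn.execute(
        "select primary_contact, typeof(primary_contact) from customer where name = 'a'"
    ).fetchone()


def insert_parameterised(conn, name, primary_contact):
    """Parameter binding: no quoting decision is made by string assembly, so
    a name containing a quote is stored literally and the statement's
    structure is fixed before any value arrives."""
    conn.execute(
        "insert into customer (name, primary_contact) values (?, ?)",
        (name, primary_contact),
    )
    return conn.execute(
        "select name, primary_contact, typeof(primary_contact) "
        "from customer where name = ?",
        (name,),
    ).fetchone()


if __name__ == "__main__":
    db = fresh_db()
    print(insert_quoted_literal(db))              # (4, 'integer')
    print(insert_parameterised(db, "b", 7))       # ('b', 7, 'integer')
    print(insert_parameterised(db, "c", "4"))     # ('c', 4, 'integer')
    print(insert_parameterised(db, "O'Brien", 5)) # ("O'Brien", 5, 'integer')
```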



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:57 PDT