Not true, at least for the case of MS Sql Server 7. The following statement: insert into customer (name, primary_contact) values ('a', '4') succeeds where primary_contact is of type int (I also tried numeric just to be sure). I write code like this all of the time when I know the column names but not their types. Did you actually try this yourself before posting? What results did you observe? Eric. > -----Original Message----- > From: Jeremy Whittington [mailto:jwhittat_private] > Sent: Tuesday, February 08, 2000 10:52 AM > To: BUGTRAQat_private > Subject: Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads > advisory) > > > Hello, > > I would like to make a comment on your statment about SQL > Syntax and how you > deal with numeric values. > > > If you're stating that you cannot enclose your numeric > values in single > > quotes in SQL query strings, it seems to be incorrect. I'm > also using SQL as > > my backend, and I've ALWAYS enclosed numbers in single > quotes, and it has > > always worked. > > When inserting data into a Numeric datatype you do not use > single quotes around > the values. > > If Field2 was a Numeric datatype in this example it would > Fail on MS SQL Server > 6.5, 7.0 , MS Access 97/2k, Oracle 6i+, and Dbase. > INSERT INTO Table (Field1, Field2) Vaules('String','1') >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:57 PDT