Reputation: 1276
Today my client input an '&' symbol into the text box. The string was something like 'ABC & XYZ'. When my program read the string, it interpreted the symbol & as a parameter and therefore prompted an error, something like 'parameters out of bound'. I already explained to them that there are some special characters that they need to avoid using.
So I would like to know where I can look for a set of special characters that cannot be input into a text box, to avoid confusion in the program. Any links on this matter would help.
Upvotes: 1
Views: 225
Reputation: 1566
The characters to avoid pretty much depend on the database and programming language.
In VB, what I watch out for mostly is the use of a Double Quote ("), which will terminate your string in VB.
If you have SQL Server/MySQL/MS Access as a database, the Single Quote ('), which terminates the string in SQL, should also be avoided. Also the Dash (-), for turning the command into a comment. Since we're talking about comments, (/*) is something you should also be wary of.
As for preventive measures, there's a plethora of them:
1.) Parse the string before passing it.
2.) Use stored procedures in databases.
3.) Manipulate keypress events (not really what I'd recommend, but it's a solution).
Edit: also, be wary of input that needs to be numeric! If you type in a string where a number is needed, a database might read it as an object within it. This is easily prevented with the use of the Val() function in VB.NET.
EDIT 2: you could use REPLACE.

    Dim x As String = "This is Original"
    x = x.Replace("Original", "Replaced")
    'you can also do x = Replace(x, "Original", "Replaced")
    MsgBox(x)

You should now have the string "This is Replaced".
Upvotes: 1
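Added example, not part of the original answer: the characters discussed above (', ", -, /*, &) stored once through string concatenation and once through a bound parameter, plus a strict check for fields that must be numeric. Python with an in-memory SQLite database is an assumption chosen so the code runs stand-alone; the table, function names and sample strings are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs containing the characters the answer lists.
SAMPLES = ["ABC & XYZ", "O'Brien \"Ltd\"", "left -- right", "a /* b */ c"]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def insert_concatenated(conn, name):
    """Fragile form: the text becomes part of the SQL statement itself."""
    conn.execute("INSERT INTO customer (name) VALUES ('" + name + "')")


def insert_bound(conn, name):
    """Bound parameter: the text travels separately from the SQL, as data."""
    conn.execute("INSERT INTO customer (name) VALUES (?)", (name,))


def round_trip(insert, samples=SAMPLES):
    """Return {input: stored value, or None if the statement failed}."""
    results = {}
    for text in samples:
        conn = make_db()
        try:
            insert(conn, text)
            results[text] = conn.execute("SELECT name FROM customer").fetchone()[0]
        except sqlite3.Error:
            results[text] = None  # the input changed the statement's syntax
        finally:
            conn.close()
    return results


def parse_quantity(text):
    """Strict numeric check for fields that must hold a whole number."""
    text = text.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("not a whole number: %r" % text)
    return int(text)


if __name__ == "__main__":
    print("concatenated:", round_trip(insert_concatenated))
    print("bound:       ", round_trip(insert_bound))
```

With the bound form every sample is stored unchanged, so no character has to be banned from the text box; with concatenation the sample containing a single quote fails.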