The Database Forum

**Truly** · 05-16-2009, 01:54 PM

If I have a limit in the database on the number of characters that a field can hold is that enough to stop someone from dropping a massive file in the query to take down the server or do I need to check the length ahead of time server side?

**Falcone** · 05-20-2009, 11:24 AM

you have to check every kind of data that is coming from forms or from the requeststring

**hostcadet** · 05-29-2009, 07:53 PM

That would be a very good idea

**dostind** · 05-29-2009, 08:47 PM

do substring during insert with a simple code..

**willcode4beer** · 05-29-2009, 08:51 PM

Quote:

Originally Posted by dostind

do substring during insert with a simple code..

Not that simple.
You need to clean every piece of data before calling the database.

[IMG]file:///tmp/moz-screenshot.jpg[/IMG]

**Leon Dudovich** · 06-03-2009, 08:58 AM

Quote:

Originally Posted by willcode4beer

Not that simple.
You need to clean every piece of data before calling the database.

[IMG]file:///tmp/moz-screenshot.jpg[/IMG]

Not simple at all (( I try to understand and even try to do by myself... Nothing... Its like another planet for me. SEO -yes, copywriting - yes, but no database )))

**Truly** · 06-08-2009, 12:52 PM

willcode4beer thats a funny cartoon, nice find