I am using SQL Server 2008, and I am trying to insert a string into a table, but only part of the string is inserted. I have checked whether it is a SQL injection risk. How can I solve or avoid this problem?
insert into tble (col1, col2, col3)
values (23, 34, "out of 8 works, 5 works are completed");
Only "Out of 8 Works" is inserted; ", 5 works are completed" was skipped.
The double quotes will only work if QUOTED_IDENTIFIER is turned off. If you are worried about SQL injection then don't pass a string on the INSERT - parameterise it from the application. The string could be truncated because col3 is not defined long enough - check that also.
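
The three points in the answer above, as an added T-SQL example that is not part of the original post: single-quoted literals, a column-length check, and a parameterised insert. The temp table `#tble`, the column sizes and the variable names are assumptions chosen for illustration; the error number is the one SQL Server 2008 reports.

```sql
-- Added example. #tble, its column sizes and all variable names are assumed.
SET NOCOUNT ON;

-- col3 is deliberately too short for the 37-character sample value.
CREATE TABLE #tble (col1 int, col2 int, col3 varchar(14));

-- 1. String literals take single quotes, which work whether QUOTED_IDENTIFIER
--    is ON or OFF. With the default ANSI_WARNINGS ON, a value longer than the
--    column makes the INSERT fail (error 8152) rather than store a cut value.
BEGIN TRY
    INSERT INTO #tble (col1, col2, col3)
    VALUES (23, 34, 'out of 8 works, 5 works are completed');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- 2. Compare the declared column size with the size of the data.
SELECT COL_LENGTH('tempdb..#tble', 'col3')                  AS col3_bytes,
       DATALENGTH('out of 8 works, 5 works are completed') AS value_bytes;

-- 3. A variable or parameter declared too short is cut silently, with no
--    error, so the declared parameter length matters as much as the column.
DECLARE @short varchar(14);
SET @short = 'out of 8 works, 5 works are completed';
SELECT @short AS silently_truncated;   -- 'out of 8 works'

-- 4. Widen the column, then insert through a parameterised statement so the
--    value travels as data and is never spliced into the SQL text.
ALTER TABLE #tble ALTER COLUMN col3 varchar(100);

DECLARE @text varchar(100);
SET @text = 'out of 8 works, 5 works are completed';

EXEC sp_executesql
     N'INSERT INTO #tble (col1, col2, col3) VALUES (@c1, @c2, @c3);',
     N'@c1 int, @c2 int, @c3 varchar(100)',
     @c1 = 23, @c2 = 34, @c3 = @text;

SELECT col1, col2, col3, LEN(col3) AS stored_length FROM #tble;

DROP TABLE #tble;
```

From application code the same shape applies: bind the value as a typed parameter whose declared length matches the column, instead of concatenating it into the statement.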