Thomas Sampson


2 Comments

Odbc Memory allocation error

Today I tried upgrading the odbc drivers on my server from 3.5 to 5.1. I immediately ran in to troubles and got a “Memory allocation error” when executing a non query to mySql. After reverting back to driver version 3.5 i found that the error was caused simply by a “data too long for field” error which i quickly fixed in no time at all.

I am not sure if the memory allocation error i received with the new drivers was related to this but if anyone could explain this I would love to know whats going off. If anyone gets a memory allocation error in 5.1 it might be worth checking to ensure the data your inserting fits into the row.


Leave a comment

Connection string rules

Important rules for connection strings

This is general rules adopted by most drivers and providers. However, keep in mind that these rules is not 100% accurate for every driver and every situation.

Never the less, following and knowing about these basic rules will keep some common problems out of your way. Okay? Here we go..

  • All blank characters, except those placed within a value or within quotation marks, are ignored
  • Blank characters will though affect connection pooling mechanism, pooled connections must have the EXACT same connection string
  • If a semicolon (;) is part of a value it must be delimited by quotation marks (“)
  • Use a single-quote (‘) if the value begins with a double-quote (“)
  • Conversely, use the double quote (“) if the value begins with a single quote (‘)
  • No escape sequences are supported
  • The value type is NOT relevant
  • Names are case iNsEnSiTiVe
  • If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used
  • But!… if the PROVIDER keyword occurs multiple times in the string, the FIRST occurrence is used.
  • If a keyword contains an equal sign (=), it must be preceded by an additional equal sign to indicate that it is part of the keyword.


Leave a comment

Avioding SQL injection

After much playing around and problems I finally figured how to add safe parameters into an odbc command. Here is a sample….

OdbcCommand postcomment = new OdbcCommand(“insert into comments values (‘”+newguid+”‘,'”+itemid+”‘,?)”, temp);

Here the ? represents the first and only parameter to be passed into the command using..

postcomment.Parameters.AddWithValue(“@comment”, comment);

then

postcomment.ExecuteNonQuery();

If you were to include > 1 ? symbols, the parameters must be added in the order they appear in your original command.