Preventing SQL injection: escaping strings that stored procedures pass to the command shell

xiaoxiao, 2021-03-05

-- Function:    fn_escapecmdshellstring
-- Description: Returns an escaped version of a given string with
--              carets ('^') added in front of all the special
--              command shell (cmd.exe) symbols.
-- Parameter:   @command_string nvarchar(4000)
--
-- Scope: this only neutralises cmd.exe metacharacters for strings that are
-- concatenated into an xp_cmdshell command. It does not escape the SQL
-- string delimiter (single quote), so it is no protection for dynamic SQL;
-- use parameterised sp_executesql for that. Note also that LEN() ignores
-- trailing blanks, so trailing spaces in the input are dropped.
--
CREATE FUNCTION dbo.fn_escapecmdshellstring (
    @command_string nvarchar(4000)) RETURNS nvarchar(4000) AS
BEGIN
    DECLARE @escaped_command_string nvarchar(4000),
            @curr_char               nvarchar(1),
            @curr_char_index         int

    SELECT @escaped_command_string = N'',
           @curr_char               = N'',
           @curr_char_index         = 1

    -- Walk the input one character at a time
    WHILE @curr_char_index <= LEN(@command_string)
    BEGIN
        SELECT @curr_char = SUBSTRING(@command_string, @curr_char_index, 1)

        -- Prefix every shell metacharacter with a caret
        IF @curr_char IN ('%', '<', '>', '|', '&', '(', ')', '^', '"')
        BEGIN
            SELECT @escaped_command_string = @escaped_command_string + N'^'
        END

        -- Copy the character itself (escaped or not)
        SELECT @escaped_command_string = @escaped_command_string + @curr_char
        SELECT @curr_char_index = @curr_char_index + 1
    END

    RETURN @escaped_command_string
END
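The following T-SQL is an added example, not part of the original page: it shows the function applied to a hostile filename, a procedure that concatenates untrusted input straight into an xp_cmdshell command beside a version that escapes it first, and a separate procedure showing why the SQL side still needs parameters. The procedure names, the dbo.reports table, the C:\reports\ directory and the sample input are all assumptions made for the illustration.

```sql
-- Added example (not from the original page). Assumes dbo.fn_escapecmdshellstring
-- has already been created and xp_cmdshell is enabled on a test instance.

-- 1. Constructed hostile input: '&' would start a second shell command,
--    '|' would pipe into one, and '"' would break any surrounding quoting.
DECLARE @hostile nvarchar(4000);
SET @hostile = N'report.txt & del C:\data\*.* | echo "done"';
SELECT @hostile AS raw_input,
       dbo.fn_escapecmdshellstring(@hostile) AS escaped_input;
GO

-- 2. Vulnerable pattern (hypothetical procedure): the caller's string is
--    concatenated into the shell command line unchanged.
CREATE PROCEDURE dbo.usp_TypeReport_Unsafe @filename nvarchar(4000) AS
BEGIN
    DECLARE @cmd nvarchar(4000);
    SET @cmd = N'type C:\reports\' + @filename;
    EXEC master..xp_cmdshell @cmd;
END;
GO

-- 3. Hardened pattern: escape cmd.exe metacharacters before concatenation.
--    The caret is only an escape outside double quotes, so do not also wrap
--    the escaped value in quotes. The function does NOT block path traversal
--    ('..\' contains no metacharacter); restrict the directory separately.
CREATE PROCEDURE dbo.usp_TypeReport @filename nvarchar(4000) AS
BEGIN
    DECLARE @cmd nvarchar(4000);
    SET @cmd = N'type C:\reports\' + dbo.fn_escapecmdshellstring(@filename);
    EXEC master..xp_cmdshell @cmd;
END;
GO

-- 4. The SQL side: a single quote is not in the function's list, so it gives
--    no protection for dynamic SQL. Pass the value as a parameter instead of
--    concatenating it into the statement.
CREATE PROCEDURE dbo.usp_FindReport @name nvarchar(100) AS
BEGIN
    EXEC sp_executesql
        N'SELECT id, name FROM dbo.reports WHERE name = @n',
        N'@n nvarchar(100)',
        @n = @name;
END;
GO

-- Usage against the constructed input from step 1
EXEC dbo.usp_TypeReport @filename = N'report.txt & del C:\data\*.* | echo "done"';
EXEC dbo.usp_FindReport @name = N'q'' OR 1=1 --';
```

In step 1 the function puts a caret in front of `&`, `|` and both `"` characters and leaves `*`, `\` and `.` alone, so cmd.exe sees a single `type` command whose argument happens to contain those characters rather than three chained commands. Step 4 is the point the page's title is really about: the injected `' OR 1=1 --` in the usage call reaches the query only as the literal value of `@n`, never as SQL text.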

Please credit the original source when reposting: https://www.9cbs.com/read-38306.html
