The %S_MSG that starts with '%.*ls' is too long. Maximum length is %d.
If you enclose a character string in double quotation marks that is more than 128 characters, the application may receive this error. When the QUOTED_IDENTIFIERS option is set on (SET QUOTED_IDENTIFIERS ON), Microsoft® SQL Server™ expects quoted identifiers to be enclosed in double quotation marks (“) and data values to be enclosed in single quotation marks (‘). In the case of character parameters of stored procedures, data values enclosed in double quotation marks are accepted by SQL Server if the character string is less than 128 characters. They should be considered syntax errors by SQL Server and generate an error.
You can also see this in ODBC applications using the SQL Server ODBC driver versions 2.50.0121 and later. These drivers set QUOTED_IDENTIFIERS ON when run against a SQL Server version 6.x or later server so that the driver’s behavior more closely matches the ANSI and ODBC standards. ODBC applications which use double quotation marks for parameter values may see this behavior after you upgrade to SQL Server 6.x or later and the ODBC 2.50.0121 or later driver.
This behavior has been seen when using stored procedures that contain nested stored procedure execution with parameters delimited in double quotation marks (such as xp_cmdshell) from ODBC applications such as Microsoft Internet Information Service (IIS).
SQL Server does not always flag stored procedure parameters enclosed in double quotation marks if the SET QUOTED_IDENTIFIER ON option has been issued.
Change the procedure call to enclose the parameter values in single quotation marks:
EXECUTE myproc 1, 'abcdefghijklmn'
ODBC applications can also use bound parameter markers instead of providing the values directly using either proprietary Transact-SQL syntax:
SQLExecDirect(hstmt, "EXECUTE myproc ?,?", SQL_NTS);
or, the ODBC standard syntax:
SQLExecDirect(hstmt, "{ call myproc (?,?)}", SQL_NTS);
In these cases, you may be able to work around the problem by placing a SET QUOTED_IDENTIFIER OFF statement at the beginning of the stored procedure. This setting will be in effect only for the scope of the stored procedure and will not affect other statement execution outside of the stored procedure.
CREATE PROCEDURE iisproc
AS
BEGIN
DECLARE @stmt varchar(255)
SET QUOTED_IDENTIFIER OFF
SELECT @stmt = 'xp_cmdshell "c:\myprog xxxxxxxxxxxxxxxxxxxxxxx"' EXECUTE (@stmt)
END
| Errors 1 - 999 | SET QUOTED_IDENTIFIER |
| EXECUTE | Using Identifiers |