December 20, 2011 at 4:16 am
Dear All,
When I try to insert the string with single quote (') in the Sql Server 2008 table through dotnet 2010 it is inserting properly. But while retreiving or updating the single quote entry unhandled exception is occuring. One of my friend told that it is because SQL Server will not accept single quote. Is it correct? Is there any solution for this?
December 20, 2011 at 4:42 am
Use replace function to replace single quote (') with two single quotes ('')
REPLACE ( string_expression , string_pattern , string_replacement )
December 20, 2011 at 4:50 am
Dear Dev,
May I have the example please?
December 20, 2011 at 7:11 am
Better yet, parameterize your queries or turn it into a stored proc. If you are doing inserts with a pass through query you are vulnerable for sql injection. It strongly discouraged to do pass through queries. A pass through query is when you build a string dynamically and execute that string against your database.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
December 27, 2011 at 6:51 am
Hi,
Could you please provide your sample update query here. How you use the single quote in your query needs to be checked.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply