SQL Query with single quote in parameter
From: Keith Payne, Technical Marketing Solutions, Florida, United States (22/07/2005 08:57:13)
Forum: ASP.NET
Category: ADO.NET
Environment: C# 1.1
OS: Windows XP SP2
Network: Windows XP
Database: MS SQL Server
Thread ID: 01034862
Message ID: 01035074
Views: 16

>I am actually experiencing this problem using the Compact Framework with SQLCE; however, I assume it is an issue typical to SQL in general.
>
>The following code fails if any of the parameters have a single quote (') in their values.
>
>
>public DataSet GetItemRecord (string cText1, string cText2, string cMenu)
>{
>	return Execute("itemmenu",string.Format(
>		"SELECT * "+
>		"	FROM itemmenu "+
>		"	WHERE buttontxt1 = '{0}' AND buttontxt2 = '{1}' AND alt_name = '{2}'",
>		cText1, cText2, cMenu));
>}
>
>
>I am sure there is a standard way of dealing with this. I know I can do parameterized queries, but there are so many of these types of situations that I would like to know a quicker way.
>
>As a follow-up, as a long-time VFP programmer who has only dabbled with SQL, can you recommend a good reference for dealing with SQL syntax, etc.?
>
>Thanks,
>
>Paul R. Moon
>Business Software Solutions

Paul,

To get a literal single quote into an SQL Server parameter, replace it with two single quotes.
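
An added example, not part of the original posts: the parameterized-query route mentioned in the question, wrapped in a helper so that existing `string.Format`-style call sites change very little and values containing a single quote never become part of the SQL text. The class name `ItemMenuQueries`, the helper `BuildCommand`, the use of the `System.Data.SqlClient` provider and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class ItemMenuQueries
{
    // Hypothetical helper: accepts the same "{0}" template style as string.Format,
    // but binds each value as a parameter (@p0, @p1, ...) instead of pasting it
    // into the SQL text. Placeholders must NOT be wrapped in quotes.
    public static SqlCommand BuildCommand(string sqlTemplate, params object[] values)
    {
        SqlCommand cmd = new SqlCommand();
        object[] names = new object[values.Length];
        for (int i = 0; i < values.Length; i++)
        {
            names[i] = "@p" + i;
            object v = (values[i] == null) ? (object)DBNull.Value : values[i];
            cmd.Parameters.Add(new SqlParameter("@p" + i, v));
        }
        // Only the parameter names are formatted into the query text.
        cmd.CommandText = string.Format(sqlTemplate, names);
        return cmd;
    }

    // Parameterized version of the GetItemRecord method from the question.
    public static DataSet GetItemRecord(SqlConnection conn, string cText1, string cText2, string cMenu)
    {
        SqlCommand cmd = BuildCommand(
            "SELECT * FROM itemmenu " +
            "WHERE buttontxt1 = {0} AND buttontxt2 = {1} AND alt_name = {2}",
            cText1, cText2, cMenu);
        cmd.Connection = conn;
        DataSet ds = new DataSet();
        new SqlDataAdapter(cmd).Fill(ds, "itemmenu"); // Fill opens and closes the connection itself
        return ds;
    }

    public static void Main()
    {
        // Constructed sample values; no database connection is opened here.
        SqlCommand cmd = BuildCommand(
            "SELECT * FROM itemmenu WHERE buttontxt1 = {0} AND alt_name = {1}",
            "Chef's Special", "Lunch");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

`Main` only builds the command and prints its text and parameters, which shows the quote-bearing value staying in the parameter collection rather than in the query string.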