SQL Query with single quote in parameter
Message
From: Keith Payne, Technical Marketing Solutions, Florida, United States
Date: 22/07/2005 08:57:13

General information
Forum: ASP.NET
Category: ADO.NET

Environment versions
Environment: C# 1.1
OS: Windows XP SP2
Network: Windows XP
Database: MS SQL Server

Miscellaneous
Thread ID: 01034862
Message ID: 01035074
Views: 17

>I am actually experiencing this problem using the Compact Framework with SQLCE, however I assume it is an issue typical to SQL in general.
>
>The following code fails if any of the parameters have a single quote (') in their values.
>
>
>public DataSet GetItemRecord (string cText1, string cText2, string cMenu)
>{
>	return Execute("itemmenu",string.Format(
>		"SELECT * "+
>		"	FROM itemmenu "+
>		"	WHERE buttontxt1 = '{0}' AND buttontxt2 = '{1}' AND alt_name = '{2}'",
>		cText1, cText2, cMenu));
>}
>
>
>I am sure there is a standard way of dealing with this. I know I can do parameterized queries, but there are so many of these types of situations that I would like to know a quicker way.
>
>As a followup, as a long time VFP programmer who has only dabbled with SQL, can you recommend a good reference for dealing with SQL syntax, etc.
>
>Thanks,
>
>Paul R. Moon
>Business Software Solutions

Paul,

To get a literal single quote into an SQL Server parameter, replace it with two single-quotes.
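
The three approaches named in this thread, side by side, as an added example that is not part of either post: the formatted query from the question, the quote doubling from the reply, and a bound-parameter helper that keeps the `string.Format` call shape. It assumes an in-memory SQLite database as a stand-in for SQL Server/SQLCE (both double a single quote inside a string literal); the function names and sample rows are constructed for illustration.

```python
import sqlite3
import string

# The question's query text; values get pasted between the quotes.
PAGE_QUERY = ("SELECT * FROM itemmenu WHERE buttontxt1 = '{0}' "
              "AND buttontxt2 = '{1}' AND alt_name = '{2}'")
# Same query with the quotes dropped: each {n} becomes a bound parameter.
BOUND_QUERY = PAGE_QUERY.replace("'", "")


def make_db():
    """In-memory SQLite with constructed rows (stand-in for SQL Server/SQLCE)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE itemmenu (buttontxt1, buttontxt2, alt_name)")
    con.executemany("INSERT INTO itemmenu VALUES (?, ?, ?)",
                    [("Kid's", "Meal", "lunch"), ("Soup", "Bowl", "lunch")])
    return con


def get_formatted(con, *values):
    """The question's approach: fails when a value contains a single quote."""
    return con.execute(PAGE_QUERY.format(*values)).fetchall()


def get_escaped(con, *values):
    """The reply's fix: double every single quote before formatting."""
    doubled = [v.replace("'", "''") for v in values]
    return con.execute(PAGE_QUERY.format(*doubled)).fetchall()


def get_bound(con, template, *values):
    """Keep the string.Format call shape, but bind values instead of pasting."""
    sql, bound = [], []
    for text, field, _spec, _conv in string.Formatter().parse(template):
        sql.append(text)
        if field is not None:          # a {n} placeholder follows this text
            sql.append("?")
            bound.append(values[int(field)])
    return con.execute("".join(sql), bound).fetchall()


def formatted_fails(con, *values):
    """True when the pasted-in query is rejected as malformed SQL."""
    try:
        get_formatted(con, *values)
        return False
    except sqlite3.OperationalError:
        return True
```

With bound parameters the value never becomes part of the SQL text, so a quote in it cannot change how the statement parses and no escaping step can be forgotten.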