>> Doubling is not a solution unless you are hardcoding the value.
>> Parameters should be used.
>
>Of course it can be a solution. You write a function called "EncodeLiteralStringForSQL()" and it finds any invalid characters and transforms them into what they need to be to allow the INSERT to proceed.
>
>Highly inelegant compared to parameters, but it is still a solution. I prefer to present all options and then discuss "best practices" to settle on the best way to go. In any case, there is nothing wrong with knowing how to do it for the scenario where you are actually inserting a literal and just want to know how to get it done. Setting up a parameterized situation in SQL Server Management Studio, for instance, would take a lot more time than simply typing in one extra tick. The same goes for inserting dates, etc. where you need to learn how the underlying database engine handles things. I like to understand the underpinnings before relying on the higher-level (and more suitable) techniques. That's what makes errors so much fun to learn from. Exasperating, but eventually illuminating. *smile*
>
>Thanks,
>Joe Kaufman
"Present all solutions" is a bad idea, in my opinion. I can think of a lot scenarios where I can easily present 10-20 solutions, but why should I? The one who asks usually wants the best and/or the most flexible solution.