Re: Handling Strings in SQL server



Ah, no. There are several issues here. First, if your application has problems with the "O'Malley" issue (embedded single quotes in strings), you need to address the problem at the root. While it's possible to simply pass two single quotes (O''Malley) this does not address the real problem. Consider that if your code permits users to enter strings with embedded single quotes, they can also introduce SQL injection attacks.

A real solution is to pass your string arguments to your SQL queries in ADO or ADO.NET Parameter objects. The data providers know how to frame strings so that embedded single quotes are not an issue. This approach also deals with a number of other issues--including SQL injection.

hth

--
__________________________________________________________________________
William R. Vaughn
President and Founder Beta V Corporation
Author, Mentor, Dad, Grandpa
Microsoft MVP
(425) 556-9205 (Pacific time)
Hitchhiker’s Guide to Visual Studio and SQL Server (7th Edition)
____________________________________________________________________________________________

"MrSmersh" <MrSmersh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4E558D94-CD4D-44FC-A920-FBF9E3CF6448@xxxxxxxxxxxxxxxx
Your problem is the ', try \'. ' is the SQL string "enclosure" so you need to
escape it.


"Bhakti via DotNetMonster.com" wrote:

How to pass a string having delimiters in SQL Server, because it is giving an
error while saving.

For e.g. Name="'D'Malo'"

For this string it is giving an error.
How to resolve this.

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/Forums.aspx/dotnet-ado-net/200805/1
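
The ADO.NET Parameter approach recommended in the reply at the top of this thread, as an added C# example (not code from any poster in the thread). The connection string and the temp table `#Customers` are assumptions; the sample names are constructed, the first taken from the original question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Hypothetical connection string (assumption): point it at a test instance.
    const string ConnStr = "Server=(local);Database=tempdb;Integrated Security=true";

    // The SQL text is constant; the value travels separately as a typed parameter,
    // so quotes inside it are never parsed as SQL.
    static void InsertCustomer(SqlConnection conn, string name)
    {
        using (var cmd = new SqlCommand(
            "INSERT INTO #Customers (Name) VALUES (@Name)", conn))
        {
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            cmd.ExecuteNonQuery();
        }
    }

    // Look the value up again by exact match, also through a parameter.
    static int CountByName(SqlConnection conn, string name)
    {
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM #Customers WHERE Name = @Name", conn))
        {
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            return (int)cmd.ExecuteScalar();
        }
    }

    static void Main()
    {
        // Constructed inputs: embedded quotes, and a string containing SQL syntax
        // that has to be stored and compared as plain data.
        string[] names = { "'D'Malo'", "O'Malley", "x' OR '1'='1" };
        using (var conn = new SqlConnection(ConnStr))
        {
            conn.Open();
            // Session-scoped temp table so the demo leaves nothing behind.
            using (var ddl = new SqlCommand(
                "CREATE TABLE #Customers (Name nvarchar(100))", conn))
                ddl.ExecuteNonQuery();
            foreach (var n in names)
            {
                InsertCustomer(conn, n);
                Console.WriteLine("{0} -> {1} matching row(s)", n, CountByName(conn, n));
            }
        }
    }
}
```

Each name is inserted without error and matches only its own row, because neither statement's text ever contains user input.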

