Re: handling apostrophe
From: Tibor Karaszi (tibor_please.no.email_karaszi_at_hotmail.nomail.com)
Date: 09/29/04
- Next message: jez123456: "Trigger on View"
- Previous message: Lars Grøtteland: "Re: Save as in SQL Server(Backup - Restore)"
- In reply to: darkstar_E2: "Re: handling apostrophe"
- Next in thread: Vishal Khajuria: "Re: handling apostrophe"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 29 Sep 2004 13:29:57 +0200
Just use Replace(varname, "'", "''") in your client app. I.e., replace each single quote with two
single quotes before submitting it to SQL server. Or better yet, use command and parameter objects
in ADO.NET which will do this for you. And, even better yet, use stored procedures with command and
parameter objects.
-- Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://www.solidqualitylearning.com/ "darkstar_E2" <darwin_e@comtechsolutions.com> wrote in message news:%23SW24XhpEHA.1576@TK2MSFTNGP12.phx.gbl... > yes i believe so. but the real problem behind this scenario is not that i am > coding in vb.net and i am using a routine that will get data from the > database by feeding it with a sql statement as parameter. > Let say: GetDataFromStatement("Select * from tblARInvoice") > The problem here is if i will feed the parameter with a string variable that > will determine tha filter. > Let say I have a variable in Vb ( _CustomerID).. and i will use this to > filter my data. > i will use this : > GetDataFromStatement("Select * from tblARInvoice where strCustomer = ' " > & _CustomerID & "'" ) > Now, what if the _CustomerID variable contains boy's game.. > How can i feed it in the routine if i am only a user of that routine.. > I would really appreciate an answer... > > > > > > > > "Tibor Karaszi" <tibor_please.no.email_karaszi@hotmail.nomail.com> wrote in > message news:OOJPH8gpEHA.3300@TK2MSFTNGP12.phx.gbl... > > > But i do not want to use this: > > > set @str = 'boy''s game' > > > > Why don't you want to use the proper way of doing it? Prefixing a single > quote with another single > > quote is the defined and documented way to get a single quote into the > column/variable. It is even > > defined in the ANSI/ISO SQL standard. > > > > -- > > Tibor Karaszi, SQL Server MVP > > http://www.karaszi.com/sqlserver/default.asp > > http://www.solidqualitylearning.com/ > > > > > > "darkstar_E2" <darwin_e@comtechsolutions.com> wrote in message > > news:%23RngP4gpEHA.3300@TK2MSFTNGP12.phx.gbl... > > > Dear All, > > > I have some trouble handling the apostrophe( ' ) contained in a string. > Let > > > say i have a string (boy's game). How can i pass this to a variable @str > . > > > I can't pass this using this: > > > set @str = 'boy's game' -> this will produce error. > > > But i do not want to use this: > > > set @str = 'boy''s game' > > > Please reply to this problem.... > > > > > > > > > > > >
- Next message: jez123456: "Trigger on View"
- Previous message: Lars Grøtteland: "Re: Save as in SQL Server(Backup - Restore)"
- In reply to: darkstar_E2: "Re: handling apostrophe"
- Next in thread: Vishal Khajuria: "Re: handling apostrophe"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
