Are there escape characters for SQL?

I think it is a very simple question, but I don't know the answer. I am
developing a web site in C# and ASP.NET. If an entry like "Here is Sam's Pub" is entered into a Textbox, an exception occurs, since the " ' " character causes a problem. Are there any escape characters? Or how can I solve this problem?
--
No Sign

Put that in double quotes in your querystring before sending it to the
sqlserver, or use the escape function:

ESCAPE 'stringexpressions'

HTH, Jens Suessmeyer.

---
http://www.sqlserver2005.de
---

"basulasz" <basul***@discussions.microsoft.com> wrote in message news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign

I thought the Escape function only related to pattern searches and was used to
identify the character used to escape wildcards and such, like so:

'\[*' ESCAPE '\'

Thomas

"Jens Süßmeyer" <Jens@remove_this_for_contacting_sqlserver2005.de> wrote in message news:emhmKWwgFHA.2424@TK2MSFTNGP09.phx.gbl...
> Put that in double quotes in your querystring before sending it to the
> sqlserver, or use the escape function:
>
> ESCAPE 'stringexpressions'
>
> HTH, Jens Suessmeyer.
>
> ---
> http://www.sqlserver2005.de
> ---
>
> "basulasz" <basul***@discussions.microsoft.com> wrote in message
> news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
>> I think it is a very simple question, but I don't know the answer. I am
>> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
>> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
>> causes a problem. Are there any escape characters? Or how can I solve this problem?
>> --
>> No Sign

I think you are thinking of the QuoteName function where you can do something
like:

QuoteName('O''Doule', '''')

And get 'O''Doule'

Thomas

"Jens Süßmeyer" <Jens@remove_this_for_contacting_sqlserver2005.de> wrote in message news:emhmKWwgFHA.2424@TK2MSFTNGP09.phx.gbl...
> Put that in double quotes in your querystring before sending it to the
> sqlserver, or use the escape function:
>
> ESCAPE 'stringexpressions'
>
> HTH, Jens Suessmeyer.
>
> ---
> http://www.sqlserver2005.de
> ---
>
> "basulasz" <basul***@discussions.microsoft.com> wrote in message
> news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
>> I think it is a very simple question, but I don't know the answer. I am
>> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
>> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
>> causes a problem. Are there any escape characters? Or how can I solve this problem?
>> --
>> No Sign

Yes, double-up single quotes.

PRINT 'Here is Sam''s pub'

You can also designate escape characters manually using ESCAPE (see Books Online), but this can be a pain...

Also, please don't get into the habit of delimiting strings with double quotes. These can be misinterpreted as quoted identifiers, which will completely change the way your code works.

"basulasz" <basul***@discussions.microsoft.com> wrote in message news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign

Better yet you might want to use parameterized queries or stored procedures

"basulasz" wrote:
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign

If you use parameterized queries, you won't need to escape the single
quotes. Also it will help protect you against SQL injection attacks.

"basulasz" <basul***@discussions.microsoft.com> wrote in message news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign

Use double quotes to get around this issue in your string.

select 'Here is Sam's Pub'
gives error.

select 'Here is Sam''s Pub'
gives desired results.

Hope this helps.

"basulasz" wrote:
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign

You should read up on the SQL Injection attack and parameterized queries.
Replace the single quote with two single quotes throughout the string.

"basulasz" <basul***@discussions.microsoft.com> wrote in message news:FFE12898-05FC-40FE-9009-BD925E43E6BE@microsoft.com...
> I think it is a very simple question, but I don't know the answer. I am
> developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
> Pub" is entered into a Textbox, an exception occurs, since the " ' " character
> causes a problem. Are there any escape characters? Or how can I solve this problem?
> --
> No Sign
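
The parameterized-query approach that several replies recommend, shown in C# with ADO.NET (System.Data.SqlClient) as an added example; it is not code from the thread. The environment variable DEMO_SQL_CONNSTR and the temp table #Pubs are hypothetical names chosen for illustration, and the input is the string from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class ParameterizedQueryDemo
{
    static void Main()
    {
        // Assumption: connection string comes from a hypothetical environment variable.
        string connStr = Environment.GetEnvironmentVariable("DEMO_SQL_CONNSTR");
        string input = "Here is Sam's Pub";   // sample TextBox value from the question

        using (var conn = new SqlConnection(connStr))
        {
            conn.Open();
            // Hypothetical temp table; it disappears when the connection closes.
            using (var create = new SqlCommand("CREATE TABLE #Pubs (Name nvarchar(100))", conn))
                create.ExecuteNonQuery();

            // Concatenation: the apostrophe ends the string literal early, so the
            // server rejects the statement. This is the exception the question describes.
            try
            {
                using (var bad = new SqlCommand(
                    "INSERT INTO #Pubs (Name) VALUES ('" + input + "')", conn))
                    bad.ExecuteNonQuery();
            }
            catch (SqlException ex)
            {
                Console.WriteLine("Concatenated statement failed: " + ex.Message);
            }

            // Parameterized: the value is sent separately from the SQL text, so no
            // quote doubling is needed and the input cannot change the statement.
            using (var insert = new SqlCommand("INSERT INTO #Pubs (Name) VALUES (@name)", conn))
            {
                insert.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = input;
                insert.ExecuteNonQuery();
            }

            using (var query = new SqlCommand(
                "SELECT COUNT(*) FROM #Pubs WHERE Name = @name", conn))
            {
                query.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = input;
                Console.WriteLine("Rows matching: " + (int)query.ExecuteScalar());
            }
        }
    }
}
```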