views: 492
answers: 7
+2  Q: 

SQL Escape ' '

Hi

I am trying to run a query in SQL 2008 by doing:

DECLARE @query varchar(max)

SET @query = 'SELECT * FROM Table WHERE [Name] = ' 'Karl' ' '

EXEC(@query)

The problem is that for some reason the apostrophes around 'Karl' don't get escaped, i.e. the query executes as ...WHERE [Name] = Karl and fails.

Anyone have a suggestion?

Thanks

Karl

A: 

Do it like this: SET @query = 'SELECT * FROM Table WHERE [Name] = ''''Karl'''''

KuldipMCA
this will not work, unless Karl is stored in the database with one single quote before and after his name like 'Karl' because it results in the actual query being: SELECT * FROM Table WHERE [Name] = ''Karl''
KM
Then add one more quote at the end, like this: SET @query = 'SELECT * FROM Table WHERE [Name] = ''''Karl''''''
KuldipMCA
A: 

Simply escape the apostrophes by using the escaping bar \, like this: 'SELECT * FROM Table WHERE [Name] = ' \'Karl\' ' '

Hope it helps

Carlos
That will not work in SQL Server's T-SQL.
KM
+2  A: 

This works on my machine from SQL Server Management Studio:

DECLARE @query varchar(max)

SET @query = 'SELECT * FROM Table WHERE [Name] = ''''''Karl'''''''

EXEC(@query)
Manga Lee
this will not work, unless Karl is stored in the database with two single quotes before and after his name like ''Karl'' because it results in the actual query being: SELECT * FROM Table WHERE [Name] = '''Karl'''
KM
+2  A: 

There are several ways that you can escape character data in SQL Server; some people even advocate the use of the QUOTENAME() function.

If you really want to develop a solid understanding of this subject area, then may I recommend that you take a look at what experienced SQL Server developers consider to be essential reading with regard to the different methods you can use to incorporate dynamic T-SQL into your coding:

The Curse and Blessings of Dynamic SQL

John Sansom
Same place I point people towards.
dverespey
A: 

Try:

DECLARE @query varchar(max)

SET @query = 'SELECT * FROM Table WHERE [Name] = ''Karl'''

PRINT 'when in doubt, print the query out: '+ISNULL(@query,'')
EXEC(@query)

To have a single quote appear, you need to have two adjacent single quotes. You escape a single quote with a single quote, for example:

PRINT ''''     --prints one single quote: '
PRINT ''''''   --prints two single quotes: ''
PRINT 'can''t' --prints can't
KM
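The doubling rule in the answer above, as an added example that is not part of this thread: a small Python builder and parser for T-SQL string literals (the function names are hypothetical helpers), applied to the literals posted in the other answers. Evaluating the SET literal gives the query text EXEC() runs, and evaluating the literal inside that query gives the value the WHERE clause really compares against, which is why ''Karl'' is not a valid literal while '''Karl''' compares against the value 'Karl' with its quotes.

```python
# Added example, not from the thread: build and evaluate T-SQL string literals
# to make the "double the quote" rule concrete. T-SQL has no backslash escape;
# the only way to put ' inside a '...' literal is to write it as ''.
# Function names are hypothetical helpers, not anything from SQL Server.

def tsql_literal(value: str) -> str:
    """Build a T-SQL literal from a value by doubling every embedded quote."""
    return "'" + value.replace("'", "''") + "'"


def parse_tsql_literal(literal: str) -> str:
    """Return the string the server sees for one complete '...' literal.

    A lone quote closes the literal; '' inside it is one quote. Anything else
    (no opening quote, text after the closing quote, no closing quote at all)
    raises ValueError, which is how a wrong quote count surfaces."""
    if not literal.startswith("'"):
        raise ValueError("literal must start with a single quote")
    out, i = [], 1
    while i < len(literal):
        if literal[i] != "'":
            out.append(literal[i])
            i += 1
        elif literal[i + 1:i + 2] == "'":   # '' -> one literal quote
            out.append("'")
            i += 2
        elif i == len(literal) - 1:         # lone quote at the end closes it
            return "".join(out)
        else:
            raise ValueError("text continues after the closing quote")
    raise ValueError("unterminated literal")


def is_complete_literal(text: str) -> bool:
    """True if text is exactly one valid T-SQL string literal."""
    try:
        parse_tsql_literal(text)
        return True
    except ValueError:
        return False


def compared_value(set_rhs: str) -> str:
    """Evaluate the literal on the right of SET @query = ... to get the query
    EXEC() runs, then evaluate the literal after '[Name] = ' in that query to
    get the value the WHERE clause really compares against."""
    query = parse_tsql_literal(set_rhs)
    rhs = query.partition("[Name] = ")[2]
    return parse_tsql_literal(rhs)
```

Feeding the SET statement from the answer above yields Karl, while the six-and-seven-quote version from the other answers yields 'Karl' including the quotes, matching KM's comments on them.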
A: 

A double single ('') quote will act like a single single quote when inside a string literal.

Have you tried using a variable?

declare @karl_name varchar(10);
set @karl_name = '''Karl''';

SELECT * FROM Table WHERE [Name] = @karl_name
Matt Brunell
A: 

This works:

create table #demo([Name] varchar(max))
insert into #demo([Name]) values('''Karl''')
insert into #demo([Name]) values('Karl')
declare @query varchar(max)
set @query = 'SELECT * FROM #demo WHERE [Name] = ''''''Karl'''''''
EXEC(@query)

Output:

'Karl'

But if 'Karl' is variable text, it's highly recommended to use something like this instead:

declare @query nvarchar(max)
declare @param varchar(max)
set @param = N'''Karl'''
set @query = N'SELECT * FROM #demo WHERE [Name] = @param'
exec sp_executesql @query, N'@param varchar(max)', @param
BlueMonkMN