T-SQL escape quote character

Question

NOTE: It's probably a duplicate but I can't find working answer.

Following is what i'm trying todo, notice a ' in the value. How do I fix this?

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman'Thul')

I use MS SQL Server Management Studio 2008.

EDIT: I'm writing a script to populate a lookup table (ID<->Name).

Answer 1

This will work:-

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

Ordinarily the only reason to have such hardcoded values in T-SQL is in DB construction code such as initialising look up tables.

Otherwise this code might be a result of string concatenation to build up some T-SQL from some input source. If that is the case its worth finding ways to avoid it since it can open your application to SQL injection attacks.

Answer 2

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

Answer 3

Use two single quotes to escape a single quote in the string

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

Thanks

Answer 4

Use double single quote(but no double quote)as

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

http://blog.sqlauthority.com/2008/02/17/sql-server-how-to-escape-single-quotes-fix-error-105-unclosed-quotation-mark-after-the-character-string/

Answer 5

Just double it up:

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

Answer 6

The escape character in t-sql is a single quote. So the 'Aman'Thul' should be changed to 'Aman''Thul'