 |
|
8000XXXX Errors Alerts ASP.NET 2.0 Classic ASP 1.0
Databases Access DB & ADO General SQL Server & Access Articles MySQL Other Articles Schema Tutorials Sql Server 2000 Sql Server 2005 General Concepts Search Engine Optimization (SEO)Search
ASP FAQ Tutorials :: Databases :: General SQL Server & Access Articles :: Apostrophes in SQL
How do I deal with an apostrophe (') in a SQL statement?
Easily one of the most frequently-asked questions in ASP and database-related forums.
The apostrophe is an illegal character in T-SQL because it is interpreted as a string delimiter. To allow a ' mark to be inserted into a database, simply double-up all occurences of the ' mark:
So to generate SQL queries:
In JScript, you could use the Replace() method also, however it behaves differently than in VBScript. Each call to .Replace() only affects the *first* instance it comes across. You can use RegExp to remind JScript to replace globally:
The apostrophe is an illegal character in T-SQL because it is interpreted as a string delimiter. To allow a ' mark to be inserted into a database, simply double-up all occurences of the ' mark:
| <% criteria = Replace(criteria,"'","''") %> |
So to generate SQL queries:
| <% mycrit = Replace(mycrit,"'","''") Response.Write("INSERT table VALUES('" & mycrit & "')<p>") Response.Write("SELECT column FROM table WHERE column LIKE '%" & mycrit & "%'<p>") %> |
In JScript, you could use the Replace() method also, however it behaves differently than in VBScript. Each call to .Replace() only affects the *first* instance it comes across. You can use RegExp to remind JScript to replace globally:
| <script language=jscript runat=server> var myCrit = "bob's bait and tackle"; var q = /\'/g; // regexp apostrophe, global myCrit = myCrit.replace(q, "''"); Response.Write("INSERT table VALUES('" + myCrit + "')<P>"); Response.Write("SELECT column FROM table WHERE column LIKE '%" + myCrit + "%'<P>"); </script> |
Related Articles
Can I fix this mm/dd/yyyy <-> dd/mm/yyyy confusion once and for all? Could I get some help with JOINs? How can I tell which version of MDAC I'm running? How do I access MIN, MAX, SUM, COUNT values from SQL statements? How do I change column order in a table structure? How do I change the order of columns in a table? How do I concatenate strings from a column into a single row? How do I convert columns of values into a single list? How do I determine if a database exists? How do I document / compare my SQL Server database(s)? How do I get the IDENTITY / AUTONUMBER value for the row I inserted? How do I solve 'ADO Could Not Find The Specified Provider'? Should I use BETWEEN in my database queries? Why can't I use the * wildcard in a database search? Why do I get 'Syntax Error in INSERT INTO Statement' with Access? Why do I get weird results when using both AND and OR in a query? Why do some SQL strings have an 'N' prefix? Why does AbsolutePosition return as -1? Why doesn't SQL Server allow me to separate DATE and TIME? Why is Query Analyzer only returning 255 characters? Why should I avoid NULLs in my database?