//  home   //  advanced search   //  news   //  categories   //  sql build chart   //  downloads   //  statistics
 ASP FAQ 
Home
ASP FAQ Tutorials

   8000XXXX Errors
   Alerts
   ASP.NET 2.0
   Classic ASP 1.0
   Databases
      Access DB & ADO
      General SQL Server & Access Articles
      MySQL
      Other Articles
      Schema Tutorials
      Sql Server 2000
      Sql Server 2005
   General Concepts
   Search Engine Optimization (SEO)

Contact Us
Site Map

Search

Web
aspfaq.com
tutorials.aspfaq.com
databases.aspfaq.com

ASP FAQ Tutorials :: Databases :: General SQL Server & Access Articles :: Apostrophes in SQL


How do I deal with an apostrophe (') in a SQL statement?

Easily one of the most frequently-asked questions in ASP and database-related forums. 
 
The apostrophe is an illegal character in T-SQL because it is interpreted as a string delimiter. To allow a ' mark to be inserted into a database, simply double-up all occurences of the ' mark: 
 
<% 
    criteria = Replace(criteria,"'","''") 
%>
 
So to generate SQL queries: 
 
<% 
    mycrit = Replace(mycrit,"'","''") 
    Response.Write("INSERT table VALUES('" & mycrit & "')<p>") 
    Response.Write("SELECT column FROM table WHERE column LIKE '%" & mycrit & "%'<p>") 
%>
 
In JScript, you could use the Replace() method also, however it behaves differently than in VBScript. Each call to .Replace() only affects the *first* instance it comes across. You can use RegExp to remind JScript to replace globally: 
 
<script language=jscript runat=server> 
    var myCrit = "bob's bait and tackle"; 
    var q = /\'/g; // regexp apostrophe, global 
    myCrit = myCrit.replace(q, "''"); 
    Response.Write("INSERT table VALUES('" + myCrit + "')<P>"); 
    Response.Write("SELECT column FROM table WHERE column LIKE '%" + myCrit + "%'<P>"); 
</script>

Related Articles

Can I fix this mm/dd/yyyy <-> dd/mm/yyyy confusion once and for all?
Could I get some help with JOINs?
How can I tell which version of MDAC I'm running?
How do I access MIN, MAX, SUM, COUNT values from SQL statements?
How do I change column order in a table structure?
How do I change the order of columns in a table?
How do I concatenate strings from a column into a single row?
How do I convert columns of values into a single list?
How do I determine if a database exists?
How do I document / compare my SQL Server database(s)?
How do I get the IDENTITY / AUTONUMBER value for the row I inserted?
How do I solve 'ADO Could Not Find The Specified Provider'?
Should I use BETWEEN in my database queries?
Why can't I use the * wildcard in a database search?
Why do I get 'Syntax Error in INSERT INTO Statement' with Access?
Why do I get weird results when using both AND and OR in a query?
Why do some SQL strings have an 'N' prefix?
Why does AbsolutePosition return as -1?
Why doesn't SQL Server allow me to separate DATE and TIME?
Why is Query Analyzer only returning 255 characters?
Why should I avoid NULLs in my database?

 

 


Created: 7/9/2000 | Last Updated: 6/4/2006 | broken links | helpful | not helpful | statistics
© Copyright 2006, UBR, Inc. All Rights Reserved. (43)

 

Copyright 1999-2006, All rights reserved.
Finding content
Finding content.  An error has occured...