handling single quotes??


SStory

How can I handle the user entering single quotes like in

Bob's mini mart?

If I use command objects will this no longer be an issue?

I guess that would mean no simple ad hoc SQL statements, right?

like SELECT name from WHATEVER

would need a command object with

"SELECT @NAME, etc.
and then params

is this the way to solve the problem?

Thanks,

Shane
 
At least with SQL Server, it recognizes two single quotes as a single
quote inside single quote delimiters. Huh??

select * from table where name = 'Bob''s mini mart'

Notice two single quotes between b and s of Bob's. Use a replace
method to get it that way.
 
That won't cut it in .NET. It will be seen as two strings next to each
other without any concatenation.
 
Granted, my text is incomplete. I assumed that it was known that the
string as shown would be a string and have double quotes surrounding it
if hardcoded so...

sql = "select * from table where name = 'Bob''s mini mart'"

the variable sql would be valid to pass to a command object for
execution on SQL Server. I would like to stress however, that this is
much less a good fix than to convert to using parameters.
 
You have to be very careful when handling single quotes, as the bottom of
them is very sharp. I recommend wearing gloves.

;-)

Seriously, escape them by doubling them.
--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
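
The three approaches discussed in this thread, side by side, as an added example that is not code from any poster: raw concatenation, doubling the quote, and a parameterized command. It assumes SQLite through Python's `sqlite3` as a stand-in for SQL Server and a .NET command object (the `?` placeholder plays the role of `@NAME`); the `stores` table and the helper names are hypothetical.

```python
import sqlite3

# Constructed sample value taken from the question; the table and column
# names are assumptions made for this example.
NAME = "Bob's mini mart"

def make_db():
    """Create an in-memory database holding one row with a quote in it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stores (id INTEGER PRIMARY KEY, name TEXT)")
    # Bound parameter: the value is sent separately from the SQL text,
    # so the embedded single quote needs no special handling.
    conn.execute("INSERT INTO stores (name) VALUES (?)", (NAME,))
    return conn

def find_concatenated(conn, name):
    """Ad hoc SQL with the raw value pasted in; the quote ends the literal early."""
    sql = "SELECT id FROM stores WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def find_doubled(conn, name):
    """Ad hoc SQL with each single quote doubled, as suggested in the replies."""
    escaped = name.replace("'", "''")
    sql = "SELECT id FROM stores WHERE name = '" + escaped + "'"
    return conn.execute(sql).fetchall()

def find_parameterized(conn, name):
    """Parameterized query: no escaping code at all, the driver binds the value."""
    return conn.execute("SELECT id FROM stores WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", find_concatenated(db, NAME))
    print("doubled      :", find_doubled(db, NAME))
    print("parameterized:", find_parameterized(db, NAME))
```

Doubling works only as long as every code path that builds SQL remembers to do it; the parameterized form has no such step to forget.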
 