Are there escape characters for SQL?

Discussion in 'ASP .Net' started by =?Utf-8?B?YmFzdWxhc3o=?=, Jul 7, 2005.

  1. I think it is a very simple question, but i don't know the answer. I am
    developing a web site in C# and ASP.NET . If an entry like "Here is Sam's
    Pub" is entered into a Textbox exception occurs. Since " ' " character causes
    problem. Are there any escape character? Or how can i solve this problem?
    --
    No Sign
    =?Utf-8?B?YmFzdWxhc3o=?=, Jul 7, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?YmFzdWxhc3o=?=

    Marina Guest

    The single quote is its own escape character. So you would use 2 in a
    string, to signify to treat it as 1 literal single quote.

    It is recommended that you use parameterized queries to avoid this problem.
    Most importantly that you should always use it to prevent SQL injection
    attacks.

    "basulasz" <> wrote in message
    news:...
    >I think it is a very simple question, but i don't know the answer. I am
    > developing a web site in C# and ASP.NET . If an entry like "Here is Sam's
    > Pub" is entered into a Textbox exception occurs. Since " ' " character
    > causes
    > problem. Are there any escape character? Or how can i solve this problem?
    > --
    > No Sign
    Marina, Jul 7, 2005
    #2
    1. Advertising

  3. =?Utf-8?B?YmFzdWxhc3o=?=

    Patrice Guest

    Your quickest option is to replace ' inside the statement with ''.

    Another (IMO better) option is to use parameters instead of building
    statements into which you stuff values. It will avoid this problem as well
    as possible formatting problems with decimal or date values caused by
    writing their string representation right into the SQL statement... It helps
    also to avoid SQL injection attacks...
    --

    Patrice

    "basulasz" <> a écrit dans le message de
    news:...
    > I think it is a very simple question, but i don't know the answer. I am
    > developing a web site in C# and ASP.NET . If an entry like "Here is Sam's
    > Pub" is entered into a Textbox exception occurs. Since " ' " character

    causes
    > problem. Are there any escape character? Or how can i solve this problem?
    > --
    > No Sign
    Patrice, Jul 7, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Griff

    trying out escape characters

    Griff, Aug 3, 2004, in forum: Perl
    Replies:
    6
    Views:
    602
  2. Maziar Aflatoun

    Escape characters

    Maziar Aflatoun, Dec 5, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    551
    Jason S
    Dec 5, 2003
  3. Guadala Harry

    What Happens To Escape Characters?

    Guadala Harry, Aug 18, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    688
    Lau Lei Cheong
    Aug 19, 2004
  4. slomo
    Replies:
    5
    Views:
    1,520
    Duncan Booth
    Dec 2, 2007
  5. Stef Mientki
    Replies:
    11
    Views:
    10,540
    Martin
    Dec 28, 2008
Loading...

Share This Page