Are there escape characters for SQL?

Guest

I think it is a very simple question, but I don't know the answer. I am
developing a web site in C# and ASP.NET. If an entry like "Here is Sam's
Pub" is entered into a Textbox, an exception occurs, since the " ' " character
causes a problem. Are there any escape characters? Or how can I solve this problem?
 
Marina

The single quote is its own escape character. So you would use 2 in a
string, to signify to treat it as 1 literal single quote.

It is recommended that you use parameterized queries to avoid this problem.
Most importantly, you should always use them to prevent SQL injection
attacks.
 
Patrice

Your quickest option is to replace ' inside the statement with ''.

Another (IMO better) option is to use parameters instead of building
statements into which you stuff values. It will avoid this problem as well
as possible formatting problems with decimal or date values caused by
writing their string representation right into the SQL statement... It also
helps to avoid SQL injection attacks...
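
The two options from the answers above, side by side, as an added example that is not part of the thread or any poster's code. The `Pubs` table, its `Name` column, the 100-character length and the `PUBS_CONNECTION_STRING` environment variable are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class PubStore
{
    // Hypothetical table and column (assumption); the value travels as @name.
    const string InsertSql = "INSERT INTO Pubs (Name) VALUES (@name)";

    // Option 1 from the thread: double each single quote.
    // Only meaningful when the result is placed inside a '...' string literal.
    public static string EscapeLiteral(string value)
    {
        return value.Replace("'", "''");
    }

    // Option 2 from the thread: a parameterized query. The SQL text is fixed
    // and the user's value is sent separately, so quotes in it are just data.
    public static int InsertPub(string connectionString, string name)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            // Explicit type and length (assumed NVARCHAR(100) column).
            // A null string must be sent as DBNull, not as a C# null.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value =
                (object)name ?? DBNull.Value;
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }

    static void Main()
    {
        string input = "Here is Sam's Pub"; // the text box value from the question

        // Concatenation without escaping: the quote in "Sam's" ends the literal early.
        Console.WriteLine("INSERT INTO Pubs (Name) VALUES ('" + input + "')");
        // Concatenation with quote doubling: the statement is well formed again.
        Console.WriteLine("INSERT INTO Pubs (Name) VALUES ('" + EscapeLiteral(input) + "')");

        // Hypothetical environment variable; the insert is skipped when it is unset.
        string cs = Environment.GetEnvironmentVariable("PUBS_CONNECTION_STRING");
        if (!string.IsNullOrEmpty(cs))
            Console.WriteLine(InsertPub(cs, input) + " row(s) inserted");
    }
}
```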
 
