How to write ' in a SQL query?

I need to use the ' characters in an access request.

But if I write select Fname from MEN where Fnale = 'j'o' I get an error.

How do I write the ' character?

Thanks in advance

+4
6 answers

Try a backslash \' or two quotation marks ''.

It depends on your database. MySQL uses \' and Microsoft SQL and MS Access use two quotation marks ''.

+9

Single quotes can be escaped with two single quotes.

 SELECT Fname FROM MEN WHERE Fnale = 'j''o' 
+5

For SQL Server:

 var cmd = new SqlCommand("select fname from MEN where fnale = @query", myConnection);
 cmd.Parameters.AddWithValue("@query", "j'o");

All solutions in which you add your parameter to the SQL string are incorrect (or at least high-risk) because they are vulnerable to SQL injection attacks.

You mentioned "access request"; for Microsoft Access / Ole use the following syntax:

 var cmd = new OleDbCommand("select fname from MEN where fnale = ?", myConnection);
 cmd.Parameters.AddWithValue("?", "j'o"); // Order does matter
+3

I would use a literal string to avoid escaping everything

 string query = @"select Fname from MEN where Fnale = 'jo'"; 

If you are escaping this with regard to SQL, use another single quote to escape quotes:

 select Fname from MEN where Fnale = ''jo'' 
+2

As others have said, you can escape quotes. But if you send this request with C#, then it is better to use parameters - this way all the escaping is done for you, so you can't forget about the special case when user input can still cause unwanted effects. (Little Bobby Tables, anyone? :-))

+2
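
The three approaches from the answers above, side by side, as an added example that is not from any of the posters. It assumes Python's built-in sqlite3 and an in-memory database as a stand-in for SQL Server or Access; the MEN table and its columns come from the question, while the rows and function names are constructed.

```python
import sqlite3

def make_db():
    """In-memory MEN(Fname, Fnale) table as in the question; rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MEN (Fname TEXT, Fnale TEXT)")
    db.executemany("INSERT INTO MEN VALUES (?, ?)",
                   [("John", "j'o"), ("Alice", "smith"), ("Bob", "jones")])
    return db

def find_concat(db, value):
    """Unsafe form: the value is pasted into the SQL text with no escaping."""
    sql = ("SELECT Fname FROM MEN WHERE Fnale = '" + value
           + "' ORDER BY Fname")
    return [row[0] for row in db.execute(sql)]

def find_escaped(db, value):
    """Manual escaping: double every single quote (SQLite follows the '' rule)."""
    sql = ("SELECT Fname FROM MEN WHERE Fnale = '" + value.replace("'", "''")
           + "' ORDER BY Fname")
    return [row[0] for row in db.execute(sql)]

def find_param(db, value):
    """Parameterized: the value is bound by the driver, never parsed as SQL."""
    sql = "SELECT Fname FROM MEN WHERE Fnale = ? ORDER BY Fname"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    try:
        find_concat(db, "j'o")            # the query from the question
    except sqlite3.OperationalError as exc:
        print("concatenated:", exc)       # stray quote breaks the statement
    print("escaped:     ", find_escaped(db, "j'o"))
    print("parameter:   ", find_param(db, "j'o"))

    # Constructed input showing why concatenation is the risky form:
    # the quote ends the literal and the rest is read as part of the WHERE clause.
    crafted = "x' OR '1'='1"
    print("concatenated:", find_concat(db, crafted))   # every row comes back
    print("escaped:     ", find_escaped(db, crafted))  # treated as data, no match
    print("parameter:   ", find_param(db, crafted))    # treated as data, no match
```

Manual escaping only holds if it is applied at every call site and matches the target database's quoting rules; binding parameters removes both conditions.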

Try replacing 'with'

+1
