I am having trouble with users entering apostrophes as part of the input, as this causes probelms with my SQL statement, e.g.,
"SELECT lname FROM client WHERE lname='O'Regan';"
Some databases allow you to alternate single and double quotes --
SELECT lname FROM client WHERE lname="O'Regan"
However, this might cause you problems, because I notice that your entire query is already wrapped in double quotes. (You're using ASP, right?) In this case, you can try using two consecutive single quotes, which the database will interpret as a single quote that's part of the string --
SELECT lname FROM client WHERE lname='O''Regan'
Unfortunately, this means that you have to edit the input from your users and replace each occurrence of a single quote with two. Luckily, there are usually good string functions available in most programming languages. (I would say what they are in ASP, but I don't know ASP.)
For More Information
- What do you think about this answer? E-mail us at editor@searchDatabase.com with your feedback.
- The Best Microsoft SQL Server Web Links: tips, tutorials, scripts, and more.
- The Best SQL Web Links
- Have a SQL tip to offer your fellow DBA's and developers? The best tips submitted will receive a cool prize--submit your tip today!
- Ask your technical SQL questions--or help out your peers by answering them--in our live discussion forums.
- Ask the Experts yourself: Our SQL guru is waiting to answer your technical questions.
Dig Deeper on Oracle and SQL
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.