Reputation: 191
If I want to insert a statement which contains a quotation mark, how is it possible?
For example, I have a text box and I enter:
Future Swami Vivekananda’s grand father's name was "____" .
Upvotes: 0
Views: 14451
Reputation:
If you use properly parameterized statements, you shouldn't need to worry about it. Something like this (though please don't learn C# techniques from me):
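// Needs: using System.Data; using System.Data.SqlClient;
// conn is an already-open SqlConnection.
string sql = @"UPDATE dbo.table SET col = @p1 WHERE ...;";
// Verbatim string: "" is one literal double quote, the apostrophe needs no escaping.
string myString = @"hello'foo""bar";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.CommandType = CommandType.Text;
// The value is sent as a typed parameter, separate from the SQL text.
cmd.Parameters.Add("@p1", SqlDbType.VarChar, 30).Value = myString;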
(Though you really should be using stored procedures.)
If you are building your strings manually (which you really, really, really shouldn't be doing), you need to escape string delimiters by doubling them up:
INSERT dbo.tbl(col) VALUES('hello''foo"bar');
Upvotes: 8
Reputation: 15450
You can double up the quote:
INSERT INTO table
VALUES ('Future Swami Vivekananda''s grand father''s name was "____"')
Upvotes: 0
Reputation: 1062820
Use a parameterized query - then quotes don't matter at all. Also - your database doesn't get taken over by SQL injection - so win/win really.
Upvotes: 4
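The approaches from the answers above, run side by side on the question's own text, as an added example that is not part of any of the posts. It assumes Python's built-in sqlite3 with an in-memory database standing in for SQL Server; the table `tbl`, column `col` and all function names are made up for the illustration.

```python
import sqlite3

# The text from the question, as typed into the text box (curly and straight quotes kept).
TEXT = 'Future Swami Vivekananda’s grand father\'s name was "____" .'


def make_db():
    """In-memory SQLite database; SQLite stands in for SQL Server (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl (col TEXT)")
    return conn


def insert_concatenated(conn, text):
    """Naive string building: the apostrophe ends the literal early, so the statement fails."""
    try:
        conn.execute("INSERT INTO tbl (col) VALUES ('" + text + "')")
        return True
    except sqlite3.OperationalError:
        return False


def insert_doubled(conn, text):
    """Manual escaping as in the answers: double every single quote inside the literal."""
    conn.execute("INSERT INTO tbl (col) VALUES ('" + text.replace("'", "''") + "')")


def insert_parameterized(conn, text):
    """Parameter binding: the value travels separately from the SQL text, no escaping needed."""
    conn.execute("INSERT INTO tbl (col) VALUES (?)", (text,))


def stored_values(conn):
    """Return every stored value in insertion order."""
    return [row[0] for row in conn.execute("SELECT col FROM tbl ORDER BY rowid")]


if __name__ == "__main__":
    db = make_db()
    print("concatenated insert succeeded:", insert_concatenated(db, TEXT))
    insert_doubled(db, TEXT)
    insert_parameterized(db, TEXT)
    print(stored_values(db))
```

Both the doubled-quote and the parameterized insert store the text unchanged; only the parameterized form keeps doing so without the caller having to know which characters the SQL dialect treats as delimiters.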