0x436f72647265
Reputation: 455
Adding a quote character in a Delphi String
I am writing a SQL program in Delphi 7 and came across a problem.
If you add an SQL command you have to use ' to indicate it is a Variable or String, but I want to build up my SQL statement because it is coming from different If statements and thus have to build it up. Therefore, I wanted to know if anyone knows a trick to add a ' into a string.
Upvotes: 2
Views: 7122
Answers (2)
whosrdaddy
Reputation: 11860
Don't make the same mistake like many before you and lookup parametrized queries or else you will be open for SQL injection attacks. If you need to include string constants in your query then use 2 single quotes ('') or the QuotedStr() function from the SysUtils unit.
Upvotes: 6
Related Questions
- Need to add double quotes to SQL SERVER string values
- Strip quotes from a string
- Delphi - Single Quote in string
- How to escape special characters like " in the SQL query in order to avoid Injection
- How do I avoid Delphi interpreting special characters as parameters in SQL?
- How to add dynamic SQL delimiter of single quote?
- Using QuotedStr in SQL
- Double quotes being replaced with ' + CHAR(34) + ' in SQL using ASP.NET
- Dynamic t-sql quotes in string
- How to escape special characters in SQL strings from Delphi?