Reputation: 791
How Do I Escape Apostrophes in Field Valued in SQL Server?
I asked a question a couple days ago about creating INSERTs by running a SELECT to move data to another server. That worked great until I ran into a table that has full on HTML and apostrophes in it. What's the best way to deal with this? Lucking there aren't too many rows so it is feasible as a last resort to 'copy and paste'. But, eventually I will need to do this and the table by that time will probably be way too big to copy and paste these HTML fields.
This is what I have now:
select 'Insert into userwidget ([Type],[UserName],[Title],[Description],[Data],[HtmlOutput],[DisplayOrder],[RealTime],[SubDisplayOrder]) VALUES ('
+ ISNULL('N'''+Convert(varchar(8000),Type)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),Username)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),Title)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),Description)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),Data)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),HTMLOutput)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),DisplayOrder)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),RealTime)+'''','NULL') + ','
+ ISNULL('N'''+Convert(varchar(8000),SubDisplayOrder)+'''','NULL') + ')'
from userwidget
Which is works fine except those pesky apostrophes in the HTMLOutput field. Can I escape them by having the query double up on the apostrophes or is there a way of encoding the field result so it won't matter?
Upvotes: 2
Views: 1344
Answers (3)
Reputation: 12346
You should use parameters instead of injecting values into your SQL query.
Upvotes: 4
Reputation: 29
Use QUOTENAME function
declare @valueAsNull as varchar(10)
set @valueAsNull = quotename('NULL','''')
SELECT 'Insert into userwidget ([Type],[UserName],[Title],[Description],[Data],[HtmlOutput],[DisplayOrder],[RealTime],[SubDisplayOrder]) VALUES (' +
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(Type,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(Username,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(Title,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(Description,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(Data,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(HTMLOutput,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(DisplayOrder,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(RealTime,'NULL'),''''), @valueAsNull,'NULL') + ', '
REPLACE(QUOTENAME(Convert(varchar(8000),ISNULL(SubDisplayOrder,'NULL'),''''), @valueAsNull,'NULL') + ')'
FROM userwidget
Upvotes: -1
Reputation: 442
You can replace the single apostrophe with double apostrophes.
ISNULL('N'''+ REPLACE(Convert(varchar(8000),Type), '''', '''''') + '''','NULL') + ','
Upvotes: 5
Related Questions
- SQL Query to replace apostrophe
- Escaping single quote in SQL Server
- How does one escape an apostrophe in db2 sql
- Select field with apostrophe SQL
- Extra Apostrophe in SQL Statement
- SQL Server - replace multiple apostrophes with single apostrophe
- Remove all apostrophes in field with T-SQL
- How to insert a value that contains apostrophe?
- pulling data value that has apostrophe but your input does not?
- Select VarChar with apostrophes