How to write ' in SQL query?

Question

i need to use the Characters ' in access query.

but if i write select Fname from MEN where Fnale = 'j'o' i get error

how to write the Characters '

thank's in advance

Answer 1

Single quotes can be escaped with two single quotes.

SELECT Fname FROM MEN WHERE Fnale = 'j''o'

Answer 2

For SQL Server:

var cmd = new SqlCommand("select fname from MEN where fnale = @query", myConnection);
cmd.Parameters.AddWithValue("@query", "j'o");

All solutions where you add your parameter to the sql string yourself are wrong (or at least high risk), because they are vulnarable for a SQL Injection Attack.

You mention "access query", for Microsoft Access / Ole use the following syntax:

var cmd = new OleDbCommand("select fname from MEN where fnale = ?", myConnection);
cmd.Parameters.AddWithValue("?", "j'o"); // Order does matter

Answer 3

As others said, you can escape the quotes. But if you are sending that query from C#, then it's better to use parameters - that way all escaping is done for you, so you can't forget some special case where user input can still cause unwanted effects. (little bobby tables, anyone? :-) )

Answer 4

Try replacing ' with ''

Answer 5

I would use a literal string to avoid escaping everything

string query = @"select Fname from MEN where Fnale = 'jo'";

If you are escaping this with respect to SQL, then use another single quote to escape the quotes:

select Fname from MEN where Fnale = ''jo''

Answer 6

Try a backslash \' or two quotes ''.

This depends on your database. MySQL uses \' and Microsoft SQL and MS Access uses two quotes ''.