Inserting Apostropy in database

• Nazrina Afrin

  Newbie

  Points: 1

  More actions

  May 1, 2006 at 1:00 pm

  #366090

  hi everyone,

  I am new in this forum. I am having a problem inserting Apostropy in database.(e.g John's).

  Can anyone please come up to solve this problem. Oranyone know the solution. Will be a great help for me.

  Thanks

  Nazrina Afrin

• Pam Brisjar

  SSChampion

  Points: 12094

  More actions

  May 1, 2006 at 1:29 pm

  #635201

  insert into MyTable (MyColumn)

  values('John''s')  --note the extra quote

• barsuk

  SSChampion

  Points: 12280

  More actions

  May 2, 2006 at 11:54 am

  #635413

  You might want to take care of this problem on the front end using smth like that:

  replace(CStr(Request.Form("LastName")),"'", "''") when inserting into DB.

• Pam Brisjar

  SSChampion

  Points: 12094

  More actions

  May 2, 2006 at 12:03 pm

  #635418

  Then there's QUOTENAME()

  see: http://msdn2.microsoft.com/en-us/library/ms176114(SQL.90).aspx

  for reference.

• Ian Yates

  SSCoach

  Points: 19738

  More actions

  May 2, 2006 at 7:22 pm

  #635486

  Also, if this code is coming to SQL from your client application / web application, you should read about "SQL Injection attacks" and how to prevent them...  Do a search on this site.