[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


.net sql single quote escape - do I have to wrap every parameter?

Posted on 2007-10-04
Medium Priority
Last Modified: 2012-08-13
I have a data access layer with a bunch of function calls.  So if I have  form with a browse grid and filters at the top, I pass all the variables into a function that goes to my data access layer on my webservice and gets a dataset out.  Most of these queries call stored procs.

If I put in a sinlge quote there are problems so I have to replace it with a single quote.  Do I have to wrap each parameter in a replace function?  Is there either a way to replace all the parameters passed into a .net function?  Or is there a way to wrap the parameters in a stored proc?  I don't want to have to do this all over for every parameter.  Or is there another way?
Question by:jackjohnson44
  • 2

Accepted Solution

joesthebighmoe earned 1000 total points
ID: 20015532
What kind of problem exactly? I'm not sure I understand your question. If you are using a stored procedure, then having a parameter of that proc have a single quote should not be an issue.

Author Comment

ID: 20015552
Sorry, I should have been more specific, I am building a string in the stored proc and then executing it.
LVL 35

Assisted Solution

YZlat earned 1000 total points
ID: 20015604
I think you have to do that with every variable that you pass as a parameter value. Replace is a string function

Author Comment

ID: 20016488
In my stored proc I just did this

SELECT @ActualConfigurationCode = REPLACE(@ActualConfigurationCode,'''','''''')

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
Microsoft Access has a limit of 255 columns in a single table; SQL Server allows tables with over 255 columns, but reading that data is not necessarily simple.  The final solution for this task involved creating a custom text parser and then reading…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how the fundamental information of how to create a table.

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question