<div>
Sorry, I should have been more specific, I am building a string in the stored proc and then executing it.
</div>


Sorry, I should have been more specific, I am building a string in the stored proc and then executing it.

<div>
In my stored proc I just did this<br />
<br />
<br />
SELECT @ActualConfigurationCode = REPLACE(@ActualConfigurati<wbr />onCode,'''<wbr />','''''')
</div>


In my stored proc I just did this


SELECT @ActualConfigurationCode = REPLACE(@ActualConfigurationCode,'''','''''')

<div>
<div class="content wysiwyg-content">
I have a data access layer with a bunch of function calls. &nbsp;So if I have &nbsp;form with a browse grid and filters at the top, I pass all the variables into a function that goes to my data access layer on my webservice and gets a dataset out. &nbsp;Most of these queries call stored procs.<br />
<br />
If I put in a sinlge quote there are problems so I have to replace it with a single quote. &nbsp;Do I have to wrap each parameter in a replace function? &nbsp;Is there either a way to replace all the parameters passed into a .net function? &nbsp;Or is there a way to wrap the parameters in a stored proc? &nbsp;I don't want to have to do this all over for every parameter. &nbsp;Or is there another way?
</div>
</div>


I have a data access layer with a bunch of function calls.  So if I have  form with a browse grid and filters at the top, I pass all the variables into a function that goes to my data access layer on my webservice and gets a dataset out.  Most of these queries call stored procs.

If I put in a sinlge quote there are problems so I have to replace it with a single quote.  Do I have to wrap each parameter in a replace function?  Is there either a way to replace all the parameters passed into a .net function?  Or is there a way to wrap the parameters in a stored proc?  I don't want to have to do this all over for every parameter.  Or is there another way?

.net sql single quote escape - do I have to wrap every parameter?

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).