.net sql single quote escape - do I have to wrap every parameter?

Posted on 2007-10-04
Last Modified: 2012-08-13
I have a data access layer with a bunch of function calls. So if I have a form with a browse grid and filters at the top, I pass all the variables into a function that goes to my data access layer on my webservice and gets a dataset out. Most of these queries call stored procs.

If I put in a single quote there are problems so I have to replace it with a single quote. Do I have to wrap each parameter in a replace function? Is there either a way to replace all the parameters passed into a .net function? Or is there a way to wrap the parameters in a stored proc? I don't want to have to do this all over for every parameter. Or is there another way?
Question by:jackjohnson44
    LVL 7

    Accepted Solution

    What kind of problem exactly? I'm not sure I understand your question. If you are using a stored procedure, then having a parameter of that proc have a single quote should not be an issue.

    Author Comment

    Sorry, I should have been more specific, I am building a string in the stored proc and then executing it.
    LVL 35

    Assisted Solution

    I think you have to do that with every variable that you pass as a parameter value. Replace is a string function.

    Author Comment

    In my stored proc I just did this

    SELECT @ActualConfigurationCode = REPLACE(@ActualConfigurationCode,'''','''''')
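
An added example (not code from any poster in this thread) of the stored-procedure side: the dynamic string carries only parameter placeholders and the values are bound through sp_executesql, so no per-parameter REPLACE is needed. It goes one step beyond the thread by also handling a column name, which cannot be bound as a parameter. The table dbo.Configuration, its columns, the procedure name and @SortColumn are assumptions; only @ActualConfigurationCode appears in the thread.

```sql
-- Hypothetical procedure, table and column names (assumptions for illustration).
CREATE PROCEDURE dbo.SearchConfigurations
    @ActualConfigurationCode nvarchar(50)  = NULL,  -- optional filter (name from the thread)
    @Description             nvarchar(200) = NULL,  -- optional filter (assumed column)
    @SortColumn              sysname       = N'ConfigurationCode'
AS
BEGIN
    SET NOCOUNT ON;

    -- Identifiers cannot be passed as parameters: accept only a column that
    -- really exists on the table, then bracket it with QUOTENAME.
    IF NOT EXISTS (SELECT 1
                   FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Configuration')
                     AND name = @SortColumn)
    BEGIN
        RAISERROR(N'Unknown sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT ConfigurationCode, Description
                 FROM dbo.Configuration
                 WHERE 1 = 1';

    -- Only placeholder names are concatenated into the string, never the values,
    -- so a quote inside a value is data and cannot end the string literal.
    IF @ActualConfigurationCode IS NOT NULL
        SET @sql = @sql + N' AND ConfigurationCode = @code';
    IF @Description IS NOT NULL
        SET @sql = @sql + N' AND Description LIKE @descr + N''%''';

    SET @sql = @sql + N' ORDER BY ' + QUOTENAME(@SortColumn);

    -- Values travel separately from the statement text. Declaring a parameter
    -- that the final statement does not reference is allowed.
    EXEC sys.sp_executesql
        @sql,
        N'@code nvarchar(50), @descr nvarchar(200)',
        @code  = @ActualConfigurationCode,
        @descr = @Description;
END;
```

A call such as `EXEC dbo.SearchConfigurations @ActualConfigurationCode = N'O''Brien';` then matches the literal value O'Brien without any escaping inside the procedure.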
