<div>
<div class="content wysiwyg-content">
We have many dynamic sql stored procedures in our system<br />
<br />
I am finding that on &quot;search style&quot; stored procedures I am running into issues where the DATA has a single quote in it<br />
The parameter has an apostrophe has a single quote in it<br />
But the dynamic SQL does an escape on the EXEC (@SQL) <br />
Is there a &quot;good way&quot; to handle this?<br />
<br />
<br />
Example...<br />
Here is some code<br />

<pre><code id="code-10-29100093-1">DECLARE @SQL VARCHAR(MAX) = '';
DECLARE @param VARCHAR(10) = 'a''.com';
--SELECT @param;

SET @SQL = @SQL + 'select * from users where Username = ''' + @param + ''' order by username ';
PRINT @SQL;
EXEC ( @SQL );</code></pre>
<br />
And here is the message on execute<br />
<a href="https://filedb.experts-exchange.com/incoming/2018/05_w20/1315984/sp1.png" target="_blank" title="Screenprint (7 KB)"><img alt="Screenprint" class="file-block lazyload" style="max-width: 520px;" data-src="https://filedb.experts-exchange.com/incoming/2018/05_w20/1315984/sp1.png" /></a>
</div>
</div>


sp1.png

We have many dynamic sql stored procedures in our system

I am finding that on "search style" stored procedures I am running into issues where the DATA has a single quote in it
The parameter has an apostrophe has a single quote in it
But the dynamic SQL does an escape on the EXEC (@SQL) 
Is there a "good way" to handle this?


Example...
Here is some code
(CODE)

And here is the message on execute


Dynamic SQL and escape characters

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.

Microsoft SQL Server 2008

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.