save apostrophe " ' " in sql

Question

0.00/5 (No votes)

See more:

hi
i sent this statement to sql:

SQL

insert into tableName (fieldName) values ('Jack's car')

in order to Save
But an error occurred

Thanks for any solution to the problem

Posted 26-Jul-15 19:48pm

Ashraf Khalifah

Updated 26-Jul-15 20:00pm

Maciej Los

v2

Add a Solution

Comments

Maciej Los 27-Jul-15 2:01am

What kind of error? What's a message?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Maciej Los · Accepted Answer · 2015-07-26T20:03:00

Solution 1

Probably, an error message is: "

Msg 105, Level 15, State 1, Line xxx
Unclosed quotation mark after the character string</pre>

To workaround it you have to add another '.

SQL

insert into tableName (fieldName) values ('Jack''s car')

As Afzaal[^] suggested, i need to warn you about SQL Injection[^].

More: How To: Protect From SQL Injection in ASP.NET[^]
SQL Injection and how to avoid it[^]
Do Stored Procedures Protect Against SQL Injection?[^]
SQL Injection Attacks[^]

Posted 26-Jul-15 20:03pm

Maciej Los

Updated 26-Jul-15 20:20pm

v5

Comments

Afzaal Ahmad Zeeshan 27-Jul-15 2:16am

Good, but wait. Forgot SQL Injection? Try providing him with a solution for parameterization. :-) That would help him in many ways. Hard-coded string would work in this context, in his application it won't. There he needs a variable data and which would be exposed to SQL Injection.

Maciej Los 27-Jul-15 2:20am

Done ;) Thank you for your valuable comment.

Afzaal Ahmad Zeeshan 27-Jul-15 2:23am

Have a 5. :-)

Maciej Los 27-Jul-15 2:31am

Thank you ;)

CPallini 27-Jul-15 2:46am

My 5.

Maciej Los 27-Jul-15 3:30am

Thank you, Carlo ;)

Wendelius 27-Jul-15 3:39am

Nice answer, 5.

Maciej Los 27-Jul-15 3:40am

Thank you, Mika ;)

Ashraf Khalifah 27-Jul-15 10:52am

THANK YOU

Maciej Los 27-Jul-15 15:29pm

You're very welcome ;)