I have this sample T-SQL query and trying this on SQL-Server-2008.
DECLARE nvarchar(1000) @wstring = "I asked my son's teacher, "How is my son doing now?""
UPDATE tablename SET columnname = ' " & @wstring & " ' where ... blah ... blah
I know that the above query will throw error.
So How do I handle-escape both single and double quotes in an SQL-Update statement.
Please do not suggest about manually adding a 'slash \' or a single-quote before every quote and alike for bouble-quote.
This would be impractical because the above example is just a sAmple one and the actual application value is more than 1000 characters, which would be received from some other system-source.
You can escape the quotes with a backslash:
"I asked my son's teacher, \"How is my son doing now?\""
Use two single quotes to escape them in the sql statement. The double quotes should not be a problem:
SELECT 'How is my son''s school helping him learn? "Not as good as Stack Overflow would!"'
Print:
How is my son's school helping him learn? "Not as good as Stack Overflow would!"
Depending on what language you are programming in, you can use a function to replace double quotes with two double quotes.
For example in PHP that would be:
str_replace('"', '""', $string);
If you are trying to do that using SQL only, maybe REPLACE() is what you are looking for.
So your query would look something like this:
"UPDATE Table SET columnname = '" & REPLACE(@wstring, '"', '""') & "' where ... blah ... blah "
Use "REPLACE" to remove special characters.
REPLACE(ColumnName ,' " ','')
Ex: -
--Query ---
DECLARE @STRING AS VARCHAR(100)
SET @STRING ='VI''RA""NJA "'
SELECT @STRING
SELECT REPLACE(REPLACE(@STRING,'''',''),'"','') AS MY_NAME
--Result---
VI'RA""NJA"
When SET QUOTED_IDENTIFIER is OFF, literal strings in expressions can be delimited by single or double quotation marks.
If a literal string is delimited by double quotation marks, the string can contain embedded single quotation marks, such as apostrophes.
In C# and VB the SqlCommand object implements the Parameter.AddWithValue method which
handles this situation
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 仙女界的扛把子 的文章《How to handle-escape both single and double quotes》','https://www.manongdao.com/article-653061.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}