Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Escape double quotes in SQL 2005/2008

Tags:

c#

sql

sql-server

full-text-search

I have an international company that has recently been added, which is named "BLA "BLAHBLAH" Ltd. (The double quotes are part of the name. )

Whenever a user tries to search for this company, by entering "Blah, or something to that affect, the search fails with a syntax error in SQL server.

How can I escape this so the search will not fail?

Sample SQL:

SELECT c.companyID, c.companyName, c.dateAdded, count(cm.maxID) as NumDirect
    FROM RussoundGeneral.dbo.Company c  
         LEFT JOIN RussoundGeneral.dbo.CompanyMax cm
                ON (cm.companyId = c.companyId and cm.maxID is not null)  
    WHERE CONTAINS ( companyName,  '"BLAH*' )
    GROUP BY c.companyID, c.companyName, c.dateAdded  
    ORDER BY c.companyName ASC
like image 470
Russ Avatar asked Dec 22 '08 20:12

Russ

People also ask

How do you escape a double quote in SQL query?

Use two single quotes to escape them in the sql statement. The double quotes should not be a problem: SELECT 'How is my son''s school helping him learn? "Not as good as Stack Overflow would!"'

Are double quotes allowed in SQL?

Double quotes generally aren't used in SQL, but that can vary from database to database. Stick to using single quotes.

How do I use double quotes in a SQL string?

If you need to use single quotes and double quotes in a string that contains both a contraction and a quote, you will need to use the backslash '' to cancel out the following character.

How do I escape a character in SQL?

In ANSI SQL, the backslash character (\) is the escape character. To search for data that begins with the string \abc , the WHERE clause must use an escape character as follows: ... where col1 = '\\abc';

1 Answers

Unfortunately, double-quotes have special meaning inside FTI, so even if you parameterize it, the FTI engine treats it as a phrase delimiter. I am not sure there is an easy way to include double-quotes in an FTI search. Brackets are also a special character, but can be encased in quotes to treat as a query term - but not AFAIK double-quotes.

Update

A bit of searching suggests that doubling the quote to "" may fix it - worth a try. Personally, I'd do this inside the DB, since this is a TSQL implementation detail.

Likewise, ' needs to be doubled to '' before passing to FTI (completely separate to TSQL escaping),

like image 120
Marc Gravell Avatar answered Oct 04 '22 12:10

Marc Gravell
Sign in to Comment

Related questions

MongoDB C# driver Mock method that returns IAsyncCursor
SqlException: Invalid object name c#
How to correctly download files to Angular from ASP.NET Core?
C# equivalent of Scala List's Zip with Index?
Cannot create an async Main
ASP NET Core JWT authentication allows expired tokens
Can a `Task` context switch before its first `await`?
How to implement permission based authorization in ASP.net core Identity?
Setting drop down value in unity with a string
Operator '!' cannot be applied to operand of type x
logging.AddAzureWebAppDiagnostics() does not work in .net core 2.2
Upload file (> 4MB) to OneDrive using Graph API
Counting the amount of repetitions a letter has in a string
How to utilize output parameters in EF Core 3.0 using ExecuteSqlInterpolatedAsync()
Is is possible to convert C# double[,,] array to double[] without making a copy
How can I determine if a remote drive has enough space to write a file using C#?
Visual Studio 2008 crashes horribly
Good resources about unit testing? [closed]
Interprocess communication in .NET
How do I enforce using a factory on a struct in C#

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!