 

T-SQL escape quote character

Tags: tsql, escaping

NOTE: It's probably a duplicate but I can't find a working answer.

The following is what I'm trying to do; notice the ' in the value. How do I fix this?

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman'Thul')

I use MS SQL Server Management Studio 2008.

EDIT: I'm writing a script to populate a lookup table (ID<->Name).

THX-1138 asked Jan 08 '10 17:01


1 Answer

This will work:-

INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('Aman''Thul')

Ordinarily the only reason to have such hardcoded values in T-SQL is in DB construction code such as initialising lookup tables.

Otherwise this code might be a result of string concatenation to build up some T-SQL from some input source. If that is the case, it's worth finding ways to avoid it since it can open your application to SQL injection attacks.

AnthonyWJones answered Oct 13 '22 23:10
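The two cases the answer distinguishes (a hardcoded literal versus a statement built by concatenating input), shown side by side as an added T-SQL example that is not part of the original question or answer. The temp table #Realms and all variable names are assumptions made for illustration.

```sql
-- Added example. #Realms stands in for [pugraider].[dbo].[Realms];
-- the variable names are hypothetical.
SET NOCOUNT ON;

CREATE TABLE #Realms ([Name] nvarchar(64) NOT NULL);

-- Constructed sample input: the doubled quote in the literal is stored
-- as a single quote inside the variable.
DECLARE @name nvarchar(64) = N'Aman''Thul';

-- 1) Fragile: the value is pasted into the statement text. The embedded
--    quote closes the literal early, so whatever follows it is parsed as
--    SQL rather than data. Here that is only a syntax error, but it is
--    the same mechanism SQL injection relies on.
DECLARE @concat nvarchar(max) =
    N'INSERT INTO #Realms ([Name]) VALUES (''' + @name + N''')';
BEGIN TRY
    EXEC (@concat);
END TRY
BEGIN CATCH
    PRINT N'Concatenated statement failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2) Preferred for input data: the statement text is constant and the
--    value travels as a typed parameter, so no escaping is involved.
EXEC sp_executesql
    N'INSERT INTO #Realms ([Name]) VALUES (@n)',
    N'@n nvarchar(64)',
    @n = @name;

-- 3) When statement text really has to be generated (for example, writing
--    out a lookup-table seed script), double every quote in the value
--    before wrapping it in quotes, as the answer does by hand.
DECLARE @seed nvarchar(max) =
    N'INSERT INTO [pugraider].[dbo].[Realms]([Name]) VALUES('''
    + REPLACE(@name, N'''', N'''''')
    + N''')';
PRINT @seed;

-- Only the parameterized insert from step 2 reached the table.
SELECT [Name] FROM #Realms;

DROP TABLE #Realms;
```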