 Escaping quotes in parameterized query


donnapep
Starting Member

15 Posts

Posted - 2008-02-07 : 11:52:04
Hi,

I have a parameterized query. The parameters contain data from my tables. Some of the parameters could include single quotes. The single quotes are wreaking havoc in my parameterized query. How can I replace single quotes with double quotes inside of my SQL stored procedure?

I know that it's something similar to REPLACE(@variablename, '''''', ''''''''), but I can't get the number of quotes right.

All of the examples that I am seeing are converting the quotes inside of an application. This is not an option for me, as I am calling this stored procedure from a SQL job that will run daily.

Thx.

madhivanan
Premature Yak Congratulator

22864 Posts

Posted - 2008-02-07 : 11:56:14

Is this?

declare @variablename varchar(100)
set @variablename='test''test'
select @variablename,REPLACE(@variablename, '''', '"')

Madhivanan

Failing to plan is Planning to fail

jsmith8858
Dr. Cross Join

7423 Posts

Posted - 2008-02-07 : 12:01:57
If you are using parameters correctly, you never need to escape your data or double-up quotes or do anything like that. You just assign the parameter a value and then reference that parameter in your SQL code. Where exactly is this "wreaking havoc"? Can you provide more specifics?

- Jeff
http://weblogs.sqlteam.com/JeffS
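
The point made in the reply above, as an added T-SQL example that is not part of the thread or any poster's code. It assumes the quotes break where a procedure concatenates a value into dynamic SQL; the table `#Customers`, its columns and the sample rows are hypothetical and constructed for illustration.

```sql
-- Constructed sample data; #Customers and its columns are hypothetical.
CREATE TABLE #Customers (CustomerId int, LastName varchar(100));
INSERT INTO #Customers VALUES (1, 'O''Brien');
INSERT INTO #Customers VALUES (2, 'Smith');

-- Load a value that contains a single quote, as data read from a table would.
DECLARE @name varchar(100);
SELECT @name = LastName FROM #Customers WHERE CustomerId = 1;

-- 1. Static SQL: the parameter is referenced directly.
--    The quote is part of the data, so nothing needs escaping or replacing.
SELECT CustomerId, LastName FROM #Customers WHERE LastName = @name;

-- 2. Dynamic SQL built by concatenation: the quote inside the value closes
--    the string literal early, so the statement no longer parses. Any value
--    read from a table could change the statement text the same way.
DECLARE @sql nvarchar(4000);
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = '''
         + @name + N'''';
BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

-- 3. Dynamic SQL with the value passed as a parameter via sp_executesql:
--    the statement text is fixed and the value never becomes part of it.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = @p';
EXEC sp_executesql @sql, N'@p varchar(100)', @p = @name;

DROP TABLE #Customers;
```

Because the batch only uses a temporary table, it can be run as-is in a scratch database or from a SQL Agent job step.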