SQL query: That pesky apostrophe

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server and .NET development Microsoft releases new CTP of Oslo SDK Perpetuum unveils database synchronizer for .NET 2.0 The CTE, the hierarchical query and SQL Server 2005 SQL Server 2005 recursive functions and the CTE SQL Examiner Suite synchronizes data schema, sets Book excerpt: ADO.NET and SQL Server 2005 DataDirect database drivers now support MySQL Top .NET tips of 2007 (so far) Addressing common SQL Server questions Book Excerpt: The .NET Framework and SQL Server 2005 Microsoft SQL Server Using the Visual Studio 2005 DataSet Designer to build a data access layer The CTE, the hierarchical query and SQL Server 2005 SQL Server 2005 recursive functions and the CTE Choose the right .NET data provider, optimize application performance The fallacy of the data layer -- or, a new architectural model for software designs Book excerpt: ADO.NET and SQL Server 2005 Addressing common SQL Server questions Book Excerpt: The .NET Framework and SQL Server 2005 WinForms development using SQL Server 2005 and Visual Basic 2005 Configuring ASP.NET 2.0 apps to SQL Server 2005 databases

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

.


Not to be outdone, Christopher Nachand offers his approach:

In a SQL query, sometimes you cannot capture the rogue single apostrophe during data entry. This is especially true when dealing with data transfer or conversion applications, and it's usually found in people's last names. You can use a fairly simple function to look for the single quote and replace it with two single quotes, which most databases will recognize as a single quote character for display purposes.



...a variation on the same theme.

Jesse Waldrip offers a slightly longer variation.

When saving info to a database table the apostrophe character causes run-time errors. Most databases do not allow the use of the apostrophe as it is interpreted as a new field starting. This will cause syntax errors. Here is a very simple function that overcomes this problem by handling it when data is saved to an Access or SQL Server database.


Greg Obleshchuk offers a solution based on the Replace function, as did a number of readers.

Bruce Wood's tip about replacing the ' with a ` in a SQL query sounds good -- but it is bad, very bad. The user would always try and turn the ` back into the '. Most databases handle the ' very well. The code below could be used instead. You could use this when you assign the textbox text to the field. If you are using bound textboxes, place it in the beforeupdate events. This tip will double '' and "" so all things will work.



Another Replace tip, this from John Barone

You published a tip dealing with the apostrophe in a SQL query and suggested to use the KeyPress event to replace the apostrophe with a backwards apostrophe.

You can deal with it, more simply IMHO, by using the Replace function. It doesn't even add an extra line (really); can't get easier than that!
'An example of how to use Replace


This tip is generated from SearchVB.com user Randy N. Ligsay:

Tip: the function below validates a SQL query string containing reserved characters such as single quoted('), double quotes(""), etc., which will cause runtime-error when saving it to database. To avoid such problems, the function doubles that reserved character to override the use of that character.

e.g. oracle backends
input : ILOVE'VBPROG - you can't save this to a database, because oracle treats the single quotes as a string encloser, but you can save this string without any change in value by using the function below. Pass the string to the function, and the resulting output would be ILOVE''VBPROG. This overrides the usage of the single quote for this particular back end (the single quote was doubled). This function is also able support other reserved character. Use the StrSearchString param of the function.



Finally, this was the first response we got, the one that started this magnum opus on its way to you. This is from Martin Gravel.

I received a tip&trick mail this morning. It was submitted by a fellow named Bruce Wood, and was for fixing apostrophes in database fields. His solution was to replace all apostrophes with the open quote character. How can you guys publish such a nuisance? If a user needs an apostrophe in a field, we, as programmers, have to let the user put an apostrophe in the field and process it correctly! O'brian is not the same as O`Brian

We asked Martin what his solution is for this type of SQL query, and here is his response.

The programmer should allow the quotes in the input textbox. Once he is ready to send the data to the SQL server, the programmer should use the REPLACE function to pre-process and thus hide special characters.

The REPLACE function will replace each occurrence of single quote by a pair of single quotes. SQL will accept this syntax and when encountering the single quotes pair, will drop one and include the other in the string itself. You still need starting and ending single quotes to enclose the whole string.

This method has been widely documented in different forums for several months. Programmers use it more and more as it is very simple and powerful.

Please read the tip that started it all, 'Darn that apostrophe'

Rate this Tip To rate tips, you must be a member of SearchWinDevelopment.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.