Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Inserting a String that contains a ' single quote
- Thread starter Jhankins
- Start date
SpiderBear6
Programmer
Just use 2 single quotes instead of the one and only one will be inserted. 
LogicalmanUS
Programmer
Jhankins,
Use: REPLACE ( myString, "'" , "''"
Where myString is the original string, "'" is the string to search for, and "''" is the replacement string
Below is a Sproc that shows how to use this, and the call from Query Analyzer:
-- EXEC usp_Replace "HERE'S THE CHOICES"
CREATE PROCEDURE [dbo].[usp_Replace]
@MYSTRING varchar(100)
AS
SET @MYSTRING = REPLACE(@MYSTRING, CHAR(39), CHAR(39) + CHAR(39))
PRINT @MYSTRING
Logicalman
Use: REPLACE ( myString, "'" , "''"
Where myString is the original string, "'" is the string to search for, and "''" is the replacement string
Below is a Sproc that shows how to use this, and the call from Query Analyzer:
-- EXEC usp_Replace "HERE'S THE CHOICES"
CREATE PROCEDURE [dbo].[usp_Replace]
@MYSTRING varchar(100)
AS
SET @MYSTRING = REPLACE(@MYSTRING, CHAR(39), CHAR(39) + CHAR(39))
PRINT @MYSTRING
Logicalman
BlackburnKL
Programmer
What about 2 single quotes? An encryption routine returned a string with 2 single quotes together and the approach described above converted it to 4 single quotes. It didn't cause the process to throw an error, but it also didn't find the matching record in my SQL Server database. It could be a provider problem, but I'm hoping that someone else has trod this path before me and has a simple answer....
BlackburnKL
BlackburnKL
BlackburnKL
Programmer
It doesn't work. Suppose that my user name is BlackburnKL and my encrypted password is ÒR1ª''>fŸT] in this simplified example. Using the described approach, I develop the following SQL string to retrieve my information from the database:
SELECT * FROM Users WHERE Name = 'BlackburnKL' AND Password = 'ÒR1ª''''>fŸT]'
From VB6 and even in native SQL Server, it doesn't find the record with this SQL statement. And I've tried 3 single quotes, too. It results in an error. The 4 don't, but no record is returned either.
Any ideas?
BlackburnKL
SELECT * FROM Users WHERE Name = 'BlackburnKL' AND Password = 'ÒR1ª''''>fŸT]'
From VB6 and even in native SQL Server, it doesn't find the record with this SQL statement. And I've tried 3 single quotes, too. It results in an error. The 4 don't, but no record is returned either.
Any ideas?
BlackburnKL
My understanding is that the password is encrypted within SQL and you CANNOT retrieve by password.
Try this as a test:
USE Master
SELECT password
FROM Syslogins
WHERE name = 'BlackburnKL'
Then you'll see what the password must look like to make a match.
-SQLBill
Try this as a test:
USE Master
SELECT password
FROM Syslogins
WHERE name = 'BlackburnKL'
Then you'll see what the password must look like to make a match.
-SQLBill
BlackburnKL
Programmer
SQLBill,
Thanks for your response. Allow me to provide you with some follow-up information.
By the way, the password to which I am referring is an application password which is one of ours, not SQL Server's.
I committed an error testing this in SQL Server because I was attempting to find a record that I had not yet saved with the changes. It couldn't find the record because it wasn't there yet! OOPS!
The explanation given (replacing each single quote with two single quotes)--resulting in 4 consecutive single quotes in this case--works in native SQL Server.
Unfortunately, it still doesn't seem to work coming through the provider from VB6. It seems to be a string manipulation problem in VB. I got around it once by substituting the '''' with ''" & "'', but VB does some interesting things with strings manipulated like that. If I reference the string again (say to check for the occurence of another set of 2 single quotes, it converts it back to 4 consecutive single quotes (which doesn't work through the provider). I also ran into a strange thing (perhaps an "undocumented feature" where using a Replace(strSQL, "''''", "''"" & ""''" command in VB makes the desired change, but also converts a single space to a double space. Go figure.
I am going to try a workaround. Maybe this issue should have been raised in the VB forum instead....
BlackburnKL
Thanks for your response. Allow me to provide you with some follow-up information.
By the way, the password to which I am referring is an application password which is one of ours, not SQL Server's.
I committed an error testing this in SQL Server because I was attempting to find a record that I had not yet saved with the changes. It couldn't find the record because it wasn't there yet! OOPS!
The explanation given (replacing each single quote with two single quotes)--resulting in 4 consecutive single quotes in this case--works in native SQL Server.
Unfortunately, it still doesn't seem to work coming through the provider from VB6. It seems to be a string manipulation problem in VB. I got around it once by substituting the '''' with ''" & "'', but VB does some interesting things with strings manipulated like that. If I reference the string again (say to check for the occurence of another set of 2 single quotes, it converts it back to 4 consecutive single quotes (which doesn't work through the provider). I also ran into a strange thing (perhaps an "undocumented feature"
where using a Replace(strSQL, "''''", "''"" & ""''" command in VB makes the desired change, but also converts a single space to a double space. Go figure.I am going to try a workaround. Maybe this issue should have been raised in the VB forum instead....
BlackburnKL
- Status
Similar threads
- Locked
- Question