Way to insert text having ' (apostrophe) into a SQL table
In SQL, the way to do this is to double the apostrophe:
'he doesn''t work for me'
However, if you are doing this programmatically, you should use an API that accepts parameters and escapes them for you automatically. Programmatically escaping and using string concatenation to assemble a query yourself is a sure way to end up with SQL injection vulnerabilities.
How to concatenate string in single quotation in SQL server 2005?
To escape a single quote in SQL, you have to use the same character twice. ''
will be substituted as one single quote in your concatenated string.
Single and double quotes in Sql Server 2005 insert query
You escape '
as ''
.
So instead of str.Replace("\'", " ")
use str.Replace("'", "''")
How to Post a SQL String With Quotes?
If you have a file accessible to the SQL Server, you can read the contents in to a variable with OPENROWSET
. For example, to read a Unicode text file at C:\drop\demo.html
:
DECLARE @DocumentText nvarchar(MAX);
SELECT @DocumentText = BulkColumn
FROM OPENROWSET(BULK 'C:\drop\demo.html', SINGLE_NCLOB) file;
INSERT INTO Files (Column) VALUES (@DocumentText);
Related Topics
Sqlite Inner Join - Update Using Values from Another Table
Unexpected Results from SQL Query with Between Timestamps
SQL Error: Ora-02291: Integrity Constraint
SQL Convert Week Number to Date (Dd/Mm)
Best Way to Store Working Hours and Query It Efficiently
SQL Server Table Creation Date Query
Oracle: How to "Group By" Over a Range
Is a Primary Key Necessary in SQL Server
Oracle Convert Timestamp with Timezone to Date
Ruby on Rails - Search in Database Based on a Query
Sqlite Database - Select the Data Between Two Dates
Executing SQL Server Agent Job from a Stored Procedure and Returning Job Result
In VS or of Oracle, Which Faster
How to Get the Next Number in a Sequence