Storing Single Quotes in Varchar Variable SQL Server 2008

Storing single quotes in varchar variable SQL Server 2008

Like this. Yes Oded is correct. The proper terminology for this is 'escaping'. You can escape a single quote ' by doubling it up ''

DECLARE @codes1 varchar(50), @codes2 varchar(50)
SET @codes1 = '''abc'', ''def'', ''ghi'''
SET @codes2 = '''jkl'', ''mno'', ''pqr'''

How do I escape a single quote in SQL Server?

Single quotes are escaped by doubling them up, just as you've shown us in your example. The following SQL illustrates this functionality. I tested it on SQL Server 2008:

DECLARE @my_table TABLE (
    [value] VARCHAR(200)
)

INSERT INTO @my_table VALUES ('hi, my name''s tim.')

SELECT * FROM @my_table

Results

value
==================
hi, my name's tim.

Using a string of quoted values in a variable for a SQL WHERE CLAUSE

It doesn't work because the IN operator expects a list of items - here strings.

What you're supplying with your @ListValues variable however is a single string - not a list of strings.

What you could do is use a table variable and store your values in it:

DECLARE @ListOfValues TABLE (ItemName VARCHAR(50))

INSERT INTO @ListOfValues(ItemName) 
VALUES('aaa'), ('bbb'), ('ccc')

SELECT *    
FROM TABLEA 
WHERE FIELD1 IN (SELECT ItemName FROM @ListOfValues)

How to insert a value that contains an apostrophe (single quote)?

Escape the apostrophe (i.e. double-up the single quote character) in your SQL: 

INSERT INTO Person
    (First, Last)
VALUES
    ('Joe', 'O''Brien')
              /\
          right here

The same applies to SELECT queries:

SELECT First, Last FROM Person WHERE Last = 'O''Brien'

The apostrophe, or single quote, is a special character in SQL that specifies the beginning and end of string data. This means that to use it as part of your literal string data you need to escape the special character. With a single quote this is typically accomplished by doubling your quote. (Two single quote characters, not double-quote instead of a single quote.)

Note: You should only ever worry about this issue when you manually edit data via a raw SQL interface since writing queries outside of development and testing should be a rare occurrence. In code there are techniques and frameworks (depending on your stack) that take care of escaping special characters, SQL injection, etc.

How to put single quotes around variables in a dynamic query

You would have to place a quote in between the quotes, but escape it so it doesn't break your code. It would look like the following:

SET @Query = @Query + ' WHERE ' + '' + @param + ' ' + @operator + ' ' + '\'' + @val + '\'' ;

Edit: Eric Anderson's answer works as well. Take from the MySQL 5.0 Manual

A “'” inside a string quoted with “'” may be written as “''”.


Related Topics

Sql Query with Count and Case Statement

How to Pass Schema as Parameter to a Stored Procedure in SQL Server

Replacing Certain Character in Email Addresses with '*' in an SQL Query

Is There a Opposite Function to Isnull in SQL Server? to Do Is Not Null

Recommended Method to Import a .Csv File into Microsoft SQL Server 2008 R2

Update All SQL Null Values in Multiple Columns Using Column Level Where Clause

Is Too Many Left Joins a Code Smell

Conditional Unique Constraint with Multiple Fields in Oracle Db

Equivalents to SQL Server Top

How to Select Row with Max Value When Duplicate Rows Exist in SQL Server

Index Spanning Multiple Tables in Postgresql

Need to Convert Text Field to Varchar Temporarily So That I Can Pass to a Stored Procedure

Select The Rows That Just Inserted

Performance of Querying Across Two MySQL Databases on The Same Server

Postgres Next/Previous Row SQL Query

How to Treat a Union Query as a Sub Query

Access + Vba + SQL - How to Export Multiple Queries into One Excel Workbook, But, Multiple Worksheet Using The Criteria from a Table

Add Non-Nullable Columns to an Existing Table in SQL Server


Leave a reply



Submit