
How do you handle a single quote in an asp.net web search

How do you handle special characters in an asp.net web search with a SQL Server back-end database? For example, single quotes and double quotes, etc.

Replacing the single quote ' or double quotes " would be done like this

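string keyword = TxtSearchBox.Text;
// SQL Server escapes a single quote inside a string literal by doubling it, not with a backslash.
keyword = keyword.Replace("'", "''");
// Double quotes and backslashes are ordinary characters inside a single-quoted T-SQL literal and need no replacement.
StrQuery = "Select * from TableName Where Keyword LIKE '%" + keyword + "%'";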

Another very important thing is you'd be better off using Parameterized queries. These will automatically handle the single quotes, and protect you better from SQL Injection.

SET QUOTED_IDENTIFIER would follow the ISO rules regarding quotation mark delimiting identifiers and literal strings. Identifiers delimited by double quotation marks can be either Transact-SQL reserved keywords or can contain characters not generally allowed by the Transact-SQL syntax rules for identifiers.
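The parameterized-query approach recommended above, written out as an added example that is not part of the original answers: the search text is sent as a parameter, and LIKE wildcards in it are escaped so they match literally. TableName and Keyword come from the question; the class and method names, the connection string, and the parameter size of 4000 are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class KeywordSearch
{
    // Escape LIKE wildcards so user text such as "50%" or "a_b" matches literally.
    // The backslash is declared as the escape character by the ESCAPE clause below,
    // so it is doubled first to keep a typed backslash literal.
    public static string EscapeLike(string input)
    {
        return input
            .Replace(@"\", @"\\")
            .Replace("%", @"\%")
            .Replace("_", @"\_")
            .Replace("[", @"\[");
    }

    // connectionString is an assumption; pass TxtSearchBox.Text as searchText.
    public static DataTable Search(string connectionString, string searchText)
    {
        const string sql =
            @"SELECT * FROM TableName
              WHERE Keyword LIKE '%' + @keyword + '%' ESCAPE '\'";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels separately from the SQL text, so quotes in it
            // (O'Brien, "quoted") are data and never terminate the literal.
            // Size 4000 is an assumed upper bound for the search box.
            cmd.Parameters.Add("@keyword", SqlDbType.NVarChar, 4000).Value =
                EscapeLike(searchText);

            var results = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(results); // Fill opens and closes the connection itself
            }
            return results;
        }
    }
}
```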
