How do you handle special characters in an ASP.NET web search with a SQL Server back-end database? For example, single quotes, double quotes, etc.
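Replacing the single quote ' or double quotes " would be done like this:
// Escape the search text itself, before it is concatenated into the query.
string Keyword = TxtSearchBox.Text;
// T-SQL escapes a single quote inside a string literal by doubling it.
Keyword = Keyword.Replace("'", "''");
// Double quotes and backslashes are ordinary characters inside a single-quoted T-SQL literal.
StrQuery = "Select * from TableName Where Keyword LIKE '%" + Keyword + "%'";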
Another very important thing is you'd be better off using parameterized queries. These will automatically handle the single quotes, and protect you better from SQL Injection.
SET QUOTED_IDENTIFIER would follow the ISO rules regarding quotation mark delimiting identifiers and literal strings. Identifiers delimited by double quotation marks can be either Transact-SQL reserved keywords or can contain characters not generally allowed by the Transact-SQL syntax rules for identifiers.
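The parameterized form of the LIKE search recommended above, as an added example that is not code from the original answers. It also escapes the LIKE wildcards (%, _, [), which parameters do not neutralize. Assumptions: System.Data.SqlClient, an NVARCHAR(200) Keyword column, and the hypothetical names KeywordSearch, EscapeLike, BuildSearchCommand and Search.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class KeywordSearch
{
    // Escape LIKE wildcards so user text is matched literally.
    // The escape character itself must be escaped first.
    public static string EscapeLike(string input)
    {
        return input.Replace("\\", "\\\\")
                    .Replace("%", "\\%")
                    .Replace("_", "\\_")
                    .Replace("[", "\\[");
    }

    // The search text travels as a parameter value, never as SQL text,
    // so quotes in it need no escaping. Assumed column size: NVARCHAR(200).
    public static SqlCommand BuildSearchCommand(string searchText)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM TableName WHERE Keyword LIKE @pattern ESCAPE '\\'");
        cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
            "%" + EscapeLike(searchText) + "%";
        return cmd;
    }

    // connectionString is supplied by the caller (assumption).
    public static DataTable Search(string connectionString, string searchText)
    {
        var results = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildSearchCommand(searchText))
        {
            cmd.Connection = conn;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                results.Load(reader);
        }
        return results;
    }

    public static void Main()
    {
        // Constructed sample input with quotes and LIKE wildcards; no database needed.
        var cmd = BuildSearchCommand("O'Brien's \"50%_off\" [sale]");
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine(cmd.Parameters["@pattern"].Value);
    }
}
```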